| Support Note |
|---|
| This topic may not be relevant to all Bluescape members and may not apply to all Organizations. If you’re unsure whether your Organization has this capability, please reach out to your IT department. |
Single Sign-On (SSO) allows you to sign in to Bluescape from a centralized identity provider (IDP), simplifying both member experience and member management. Bluescape supports SSO through IDPs using the SAML 2.0 standard.
The certified SAML IDPs for Bluescape are:
Note: To learn how to set up SSO for F5, contact Bluescape Support by replying to this topic below.
Setting up SSO involves exchanging information between the customer and Bluescape Support. To set up SSO in Bluescape:
- Contact Bluescape Support and inform them that you want to set up SSO for your organization with one of the IDPs listed above.
- Provide Support with the contact email address of your SSO administrator.
- Support then provides you with the following URLs:
| IDP Configuration URLs | |
|---|---|
| Entity ID* | https://portal.apps.us.bluescape.com/saml/metadata/<customer_saml_provider_name>; |
| Assertion Consumer Service (ACS)* | https://identity-api.apps.us.bluescape.com/api/authenticate/<acs_id>; |
| Single Logout Endpoint* | https://identity-api.apps.us.bluescape.com/api/logout/<saml_id>; |
| Single sign-on (SSO) URL* | https://identity.apps.us.bluescape.com/saml/login/sso_name; |
Note: These URLS contain placeholders for the <customer_saml_provider_name>, <acs_id>, <saml_id>, and <identity_provider_name> because they have not been generated yet.
- Map the Attribute Statements as follows:
| Attribute Statement | Example |
|---|---|
| first_name | John |
| last_name | Doe |
| john.doe@domain.com | |
| name | John Doe |
| user_guid | user.id |
** Whatever value you choose for the user_guid attribute must be unique for each member and unchangeable, even if the member’s email changes. Typical values include user.id for Okta, user.objectid for AzureAD, and ObjectGUID for ADFS.
- Provide Bluescape Support with the URL to the metadata XML file created by your SSO provider.
- Support uses this metadata URL to set up a test organization and provide you with the following (updated) URLs:
- Entity ID
- ACS URL
- Single Logout Endpoint
- SSO URL
- Use the above information to complete your IDP configuration.
- Have a member log in to the test organization using the SSO URL provided by Support.
- If the login is successful, provide Bluescape Support with permission to apply the SSO setup to the actual organization.
- All members can now log in via their SSO provider or the SSO URL.
Note: Okta includes a preconfigured Bluescape enterprise application in their Applications list. You should not use it as it is not configured correctly for the current release.
Where to Next?
Not what you were looking for? Reply below or Search the community and discover more Bluescape.