Single Sign-On for Okta

Single Sign-On (SSO) allows you to sign in to Bluescape from a centralized identity provider (IDP), simplifying user experience and management. Bluescape supports SSO through IDPs using the SAML 2.0 standard.

How to Set Up Single Sign-On For Okta

  1. Log in to your Okta account.

  2. In the Applications menu, click the Add Application button.

  3. On the Add Application screen, click the Create New App button.

Note: Okta includes a preconfigured Bluescape enterprise application in their Applications list. It would help if you did not use it as it is not configured correctly for the current release.

  1. On the Create a New Application Integration screen, select the SAML 2.0 radio button.

  2. Click Create.

  3. On the Create SAML Integration screen, enter the app name and click Next.

  4. The SAML settings screen opens. Complete the following substeps:

    • a. Enter the following in the Single sign-on URL field. Note that the final part of the URL–ID – is only a placeholder. It will be updated later with the actual ID of the SAML provider after the provider is added in Bluescape.
    • b. Leave the two checkboxes unchanged.
    • c. In the Audience URI (SP Entity ID) field, enter Bluescape .
    • d. Leave the Default RelayState field blank.
    • e. Set the Name ID format field to Email Address.
    • f. Set the Application username field to Email.
    • g. Leave the Update application username on field unchanged.
  5. Scroll down to the Attribute Statements (Optional) section and enter the following four attributes to provision users on Bluescape:

Name Name Format Value
User.FirstName Unspecified user.firstName
User.LastName Unspecified user.lastName
User.Email Unspecified
user_guid Unspecified **

Note: If you choose to use a value other than, the value must be unique for each user and unchangeable, even if the user’s email changes.

  1. Click Next.

  2. (Optional) In the final section of the screen, provide feedback to Okta.

  3. To complete this stage of the setup, click Finish.

  4. On the Sign-On screen that opens, right-click on the Identity Provider metadata link and select Copy Link Address.

  5. Share the metadata link with Bluescape Support, which is setting up the Organization on the Bluescape side. The link should be similar to the following example:

  6. Bluescape Support will create a new SAML provider and send you its ID.

  7. At the top of the section, click the General tab.

  8. Scroll down to the SAML Settings field and click Edit.

  9. On the General Settings screen that opens, click Next.

  10. In the Single sign-on URL field, replace the placeholder value, which is currently ID, with the ID you got from Bluescape Support in Step 14.

Where to Next?

Not what you were looking for? Reply below or Search the community and discover more Bluescape.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.