To implement SSO with Blue Triangle, users will first need to be created within Blue Triangle’s system. Users must have identical email addresses between Blue Triangle’s system and the SSO Service. The email address is a required attribute that will need to be sent to Blue Triangle in the SAML Assertion.
To configure SSO for your account, go to Settings > Account > Single Sign On Settings. Click Create Configuration and you will see the following. Note: You must be an Account Admin in order to access the SSO configuration.
Note: Users must have identical email addresses between Blue Triangle’s system and the IDP (Identity Provider).
What Blue Triangle Will Need From You
In the Blue Triangle configuration, there are 4 required fields and one optional field:
- Entity ID (Audience) - Also known as Issuer URL
- Account Sign On Method - Choose Direct, Single Sign On, or Both. Single Sign On restricts authentication to Blue Triangle through SSO only. Direct restricts authentication to Blue Triangle's own login only. Both gives the end-user the ability to choose either method.
- Single Sign On Service URL - This is the SAML 2.0 Endpoint
- Single Log Out Service URL - optional
- X.509 Certificate - Must be X.509 PEM
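One way to collect these values, as an added example (not Blue Triangle's code): most IdPs publish a SAML 2.0 metadata document that holds the entity ID, the endpoints and the signing certificate as bare base64, which has to be wrapped in PEM armor before it is pasted into the form. The function name `idp_fields`, the sample metadata and `idp.example.test` are constructed, and the mapping of the IdP's `entityID` to the Entity ID (Issuer URL) field is an assumption.

```python
import base64
import ssl
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Constructed sample: idp.example.test is a placeholder and the certificate
# body is dummy bytes, not a real certificate.
DUMMY_DER = b"\x30\x82" + b"constructed sample, not a real certificate " * 3
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
{base64.encodebytes(DUMMY_DER).decode()}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}"
        Location="https://idp.example.test/saml/slo"/>
    <md:SingleSignOnService Binding="{REDIRECT}"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_fields(metadata_xml):
    """Return the IdP values for the SSO form from a SAML 2.0 metadata string."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("SAML metadata must not carry a DTD")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("root is not a single IdP EntityDescriptor")
    sso = idp.find("md:SingleSignOnService", NS)
    slo = idp.find("md:SingleLogoutService", NS)  # optional on the form
    # Metadata may also list encryption keys; keep signing (or unmarked) ones.
    certs = [c for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS) if c.text]
    if sso is None or not certs:
        raise ValueError("metadata lacks an SSO endpoint or signing certificate")
    # Metadata carries base64 DER without armor; strip whitespace, re-wrap as PEM.
    der = base64.b64decode("".join(certs[0].text.split()), validate=True)
    return {"entity_id": root.get("entityID"),
            "sso_url": sso.get("Location"),
            "slo_url": slo.get("Location") if slo is not None else None,
            "x509_pem": ssl.DER_cert_to_PEM_cert(der)}

if __name__ == "__main__":
    print(idp_fields(SAMPLE_METADATA)["x509_pem"])
```

Aggregated metadata (an `EntitiesDescriptor` root) is rejected with a `ValueError`; pass the single `EntityDescriptor` for your IdP.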
What Your SSO Provider Will Need
- Entity ID (Audience)
- Single Sign On URL [ACS (Consumer) URL]
- Relay State
- Single Log Out URL