- Overview of SSO in Blue Triangle
- What we'll need from you
- What your SSO Provider will need from us
- Google Sign-in
To implement SSO with Blue Triangle, users will first need to be created within Blue Triangle’s system. Users must have identical email addresses between Blue Triangle’s system and the SSO Service. The email address is a required attribute that will need to be sent to Blue Triangle in the SAML Assertion.
To configure SSO for your account, go to Settings > Account > Single Sign On Settings. Click Create Configuration and you will see the following. Note: You must be an Account Admin in order to access the SSO configuration.
Note: Users must have identical email addresses between Blue Triangle’s system and the IDP (Identity Provider).
What Blue Triangle Will Need From You
In the Blue Triangle configuration, there are 4 required fields:
- Entity ID (Audience) - Also known as Issuer URL
- Account Sign On Method - Choose between Direct, Single Sign On, or both. Single Sign On restricts authentication to Blue Triangle through SSO only. Direct restricts authentication to Blue Triangle through Blue Triangle only. Both gives the end-user the ability to choose either method.
- Single Sign On Service URL - This is the SAML 2.0 Endpoint
- Single Log Out Service URL - optional
- X.509 Certificate - Must be X.509 PEM
What Your SSO Provider Will Need
- Entity ID (Audience)
- Single Sign on URL (also known as ACS Consumer URL or Recipient)
- Relay State
- Single Log Out Url
In Blue Triangle you can sign in with Google given the following pre-requisites:
- You have a G Suite login
- The email address you're using is associated with an existing user in Blue Triangle