Setup Instructions

Blue Hexagon Support will provide you with the following information to set up the SAML connection with your SSO Identity Provider (IdP):

  • Entity ID: Uniform Resource Name (URN) that uniquely identifies Blue Hexagon as a Service Provider (SP)

  • Assertion Consumer Service (ACS) URL or Reply URL: URL at the Service Provider (Blue Hexagon) that accepts SAML artifacts from the IdP

  • Signing Certificate: Blue Hexagon certificate containing the public key necessary for authentication

SAML User Attributes Mapping

Ensure that at least the following user attributes are configured in your IdP:

  • emailaddress : User’s email address

  • givenname : User’s given name or first name

  • surname : User’s surname or last name

  • name : Principal name of user in the IdP

If the user attributes are configured differently in your IdP, please inform Blue Hexagon Support of the user attribute mapping.
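
A pre-flight check for the mapping above, as an added example (not Blue Hexagon code): it inspects the AttributeStatement of a decoded SAML assertion from a test login and reports which of the four attributes are missing or empty. The sample assertion is constructed, and matching URI-style claim names by their last path segment is an assumption about how your IdP names attributes.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("emailaddress", "givenname", "surname", "name")

# Constructed sample assertion (not real IdP output). Some IdPs emit URI-style
# claim names, others the bare short name; both styles appear here.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jdoe@acme.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="surname"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def short_name(attr_name):
    """Reduce a URI-style claim name to its last path segment, lowercased."""
    return attr_name.rstrip("/").rsplit("/", 1)[-1].lower()

def check_attributes(assertion_xml, required=REQUIRED):
    """Return (present, problems): values found per required attribute, and
    a dict of attribute -> 'missing' | 'empty' for anything not usable."""
    # Mapping check only: this does not verify the assertion's signature.
    # Feed it assertions from your own test logins, not untrusted XML.
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
        found[short_name(attr.get("Name", ""))] = [v for v in values if v]
    present, problems = {}, {}
    for name in required:
        if name not in found:
            problems[name] = "missing"
        elif not found[name]:
            problems[name] = "empty"
        else:
            present[name] = found[name]
    return present, problems

if __name__ == "__main__":
    present, problems = check_attributes(SAMPLE_ASSERTION)
    for name, vals in present.items():
        print(f"ok       {name}: {vals}")
    for name, why in problems.items():
        print(f"PROBLEM  {name}: {why}")
```

If your IdP uses attribute names that do not reduce to these four short names, that is the mapping to report to Blue Hexagon Support.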

SSO SAML Information to Send to Blue Hexagon

Once you have configured your SSO Identity Provider (IdP), please provide the following information to Blue Hexagon Support:

  • Email Domains: Enterprise domains (e.g. acme.com) that will access Blue Hexagon via SSO

  • Sign-in URL: Your SSO IdP sign-in URL to which Blue Hexagon will redirect

  • Sign-out URL: Your SSO IdP sign-out URL

  • X.509 Signing Certificate: SSO IdP public key in .pem or .cer format

  • User ID Attribute: (Optional) Attribute in the SAML token that will be mapped to the user_id property in Blue Hexagon

  • Protocol Binding: HTTP-POST (recommended) or HTTP-Redirect

Single Sign-On (SSO) Flow

Blue Hexagon recommends Service Provider initiated SSO flows, i.e. have your users access the Blue Hexagon portal first with redirection to your Identity Provider. If you must use Identity Provider initiated SSO flows, talk to your Blue Hexagon Account Team.

  • Enter your SSO email address in the highlighted box. Blue Hexagon automatically performs Home Realm Discovery and will indicate that Single Sign-On (SSO) is enabled for your domain.

  • On clicking Log In, you will be taken through your SSO Identity Provider’s authentication flow as appropriate, and will be redirected to the Blue Hexagon Portal upon successful authentication!
