Setup Instructions
Blue Hexagon Support will provide you with the following information to set up the SAML connection with your SSO Identity Provider (IdP):
Entity ID: Uniform Resource Name (URN) that uniquely identifies Blue Hexagon as a Service Provider (SP)
Assertion Consumer Service (ACS) URL or Reply URL: URL at the Service Provider (Blue Hexagon) that accepts SAML artifacts from the IdP
Signing Certificate: Blue Hexagon certificate containing the encryption key necessary for authentication
SAML User Attributes Mapping
Ensure that at least the following user attributes are configured in your IdP:
emailaddress
: User’s email addressgivenname
: User’s given name or first namesurname
: User’s surname or last namename
: Principal name of user in the IdP
If the user attributes are configured differently in your IdP, please inform Blue Hexagon Support of the user attribute mapping.
SSO SAML Information to Send to Blue Hexagon
Once you have configured your SSO Identity Provider (IdP), please provide the following information to Blue Hexagon Support:
Email Domains: Enterprise domains (e.g. http://acme.com ) that will access Blue Hexagon via SSO
Sign-in URL: Your SSO IdP sign-in URL to which Blue Hexagon will redirect
Sign-out URL: Your SSO IdP sign-out URL
X.509 Signing Certificate: SSO IdP public key in .pem or .cer format
User ID Attribute: (Optional) Attribute in the SAML token that will be mapped to the
user_id
property in Blue HexagonProtocol Binding: HTTP-POST (recommended) or HTTP-Redirect
Single Sign-On (SSO) Flow
Blue Hexagon recommends Service Provider initiated SSO flows, i.e. have your users access the Blue Hexagon portal first with redirection to your Identity Provider. If you must use Identity Provider initiated SSO flows, talk to your Blue Hexagon Account Team.
When you access the Blue Hexagon portal, you will be redirected to the login page.
Enter your SSO email address in the highlighted box. Blue Hexagon automatically performs Home Realm Discovery and will indicate that Single Sign-On (SSO) is enabled for your domain.
On clicking Log In, you will be taken through your SSO Identity Provider’s authentication flow as appropriate, and will be redirected to the Blue Hexagon Portal upon successful authentication!