Setting up Single Sign-On - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

Product name
BlueCat Integrity

This section provides step-by-step instructions explaining how to set up SSO in Address Manager.

Before you Begin

To enable SSO, you need the following:
  • Address Manager v9.2.0 or greater
  • Open port 443 in Address Manager and the IdP
  • Address Manager can access the IdP either on premises or cloud
    Important: Enabling SSO in Address Manager impacts users, user groups, external auhenticators, and API access. BlueCat strongly recommends using a Test Environment with mock users, user groups, and external authenticators to test and validate SSO behaviour. In addition, you should also perform a database backup before enabling SSO.

What you need from Address Manager to set up your Single Sign-On connection

To set up the SSO connection, you need the following from Address Manager:
  • Address Manager domain name
  • Public/private key of the HTTPS server or PKCS archive file

What Address Manager needs from your IdP

To set up the SSO connection, you need the following from your IdP:
  • Name ID format
  • Email attribute name
  • Group attribute name


  • Metadata file (XML) or metadata URL containing all of the above information. For more information, refer to your IdP's documentation on how to download the metadata file.

What your IdP needs from Address Manager

To set up the SSO connection, your IdP needs the following from Address Manager:
  • Entity ID or Audience URI
  • Consume URL, Callback URL, Post-back URL, or Assertion Consumer URL
    Note: The names of Entity ID and Consume URL will vary by IdP; additional SAML assertions might also be necessary.