SSO integration - BlueCat Edge - Service Point v3.x.x

BlueCat Edge Deployment Guide

Product name
BlueCat Edge
Service Point v3.x.x

BlueCat Edge can leverage a Single Sign-On (SSO) integration to authenticate and provide access to users within SSO environments. BlueCat Edge can be configured as a Service Provider in a SAML 2.0 Federation, enabling a single sign-on user experience. Once you have enabled the SSO integration, login access will be granted to users of an organization based on the authenticated session with the Identity Provider (IdP) and the role associated with that user in the IdP. BlueCat Edge only supports service provider (SP) initiated SSO.

Once you enable the SSO integration, you can't log in to BlueCat Edge using credentials that are locally created on the BlueCat Edge Cloud.
Note: If BlueCat Edge is unable to receive the SAML response from the IdP that allows it to successfully authenticate users, local system administrators can log in and modify the SSO integration through the BlueCat Edge UI. If authentication fails for other reasons and you can't log in to the BlueCat Edge UI, corporate users with the system administrative role can modify the SSO integration through the BlueCat Edge API.
  • BlueCat strongly recommends that the corporate system administrator users create a new API access key set after enabling the SSO integration.
  • Once you have deleted or deactivated a user within your IdP or removed their Edge Role, a user with the System Administrator role must also remove any API access key sets associated with the inactive user using the /v1/api/apiKeys?email={email} (DELETE) method.
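
The offboarding step in the last bullet can be planned as follows. This is an added example, not code from BlueCat: the IdP export, the key-owner inventory, the host name, the token placeholder and the bearer-token header are all assumptions, and only the /v1/api/apiKeys?email={email} (DELETE) method comes from this guide.

```python
"""Plan API key removal for users who lost access in the IdP (added example)."""
import urllib.request
from urllib.parse import quote

# Constructed sample data. A real run would load an IdP export instead.
IDP_USERS = [
    {"email": "alice@example.com", "active": True, "edge_role": "Administrator"},
    {"email": "bob+dns@example.com", "active": False, "edge_role": "Administrator"},
    {"email": "carol@example.com", "active": True, "edge_role": None},
]
# Constructed inventory of emails that own API access key sets (assumed input).
KEY_OWNERS = ["Alice@example.com", "bob+dns@example.com",
              "carol@example.com", "dave@example.com"]


def emails_needing_key_removal(idp_users, key_owners):
    """Key owners that are deleted, deactivated, or without an Edge role in the IdP."""
    entitled = {u["email"].lower() for u in idp_users
                if u["active"] and u["edge_role"]}
    # Compare case-insensitively, but keep the spelling the inventory recorded.
    return sorted(e for e in set(key_owners) if e.lower() not in entitled)


def build_delete_request(base_url, email, token):
    """Build (do not send) the DELETE /v1/api/apiKeys?email={email} request."""
    # safe="" percent-encodes '+' and '@'; a raw '+' in a query string is
    # commonly decoded as a space, which would target the wrong address.
    url = f"{base_url.rstrip('/')}/v1/api/apiKeys?email={quote(email, safe='')}"
    req = urllib.request.Request(url, method="DELETE")
    # Assumption: bearer-token header; confirm the scheme in the Edge API guide.
    req.add_header("Authorization", f"Bearer {token}")
    return req


def plan(base_url, token, idp_users=IDP_USERS, key_owners=KEY_OWNERS):
    """Return one prepared DELETE request per stale key owner."""
    return [build_delete_request(base_url, e, token)
            for e in emails_needing_key_removal(idp_users, key_owners)]


if __name__ == "__main__":
    # Placeholder host and token; review the plan before sending anything.
    for r in plan("https://edge.example.invalid", "PLACEHOLDER_TOKEN"):
        print(r.get_method(), r.full_url)
```

The script only prints the planned calls; after review, a System Administrator sends each one with `urllib.request.urlopen(r)`.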