BlueCat Edge can leverage a Single Sign-On (SSO) integration to authenticate and provide access to users within SSO environments. BlueCat Edge can be configured as a Service Provider in a SAML 2.0 Federation, enabling a single sign-on user experience. Once you have enabled the SSO integration, login access will be granted to users of an organization based on the authenticated session with the Identity Provider (IdP) and the role associated with that user in the IdP.
Attention: BlueCat Edge only supports service provider (SP) initiated SSO.
Once you enable the SSO integration, all users must use single sign-on to log in to BlueCat Edge. However, locally-created System Administrator users can log in to BlueCat Edge using credentials that are created on the BlueCat Edge Cloud if required, such as in the event that BlueCat Edge is unable to receive the SAML response from the IdP to successfully authenticate users.
Note: If authentication fails for other reasons and you can't log in to the BlueCat Edge UI, corporate users with the system administrative role can modify the SSO integration through the BlueCat Edge API.
Enabling and configuring SSO involves the following steps:
Attention:
- BlueCat strongly recommends that the corporate system administrator users create a new API access key set after enabling the SSO integration.
- Once you have deleted or deactivated a user within your IdP or removed their Edge Role, a user with the System Administrator role must also remove any API access key sets associated with the inactive user using the /v1/api/apiKeys?email={email} (DELETE) method.
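The key cleanup described above can be scripted as part of offboarding. The following is an added example, not BlueCat code: it compares the users still active in the IdP with an operator-supplied list of API key owners and builds one DELETE request per stale owner. The base URL, the bearer-token header, the function names and the sample e-mail addresses are assumptions; only the /v1/api/apiKeys?email={email} path and the DELETE method come from this page.

```python
import urllib.parse
import urllib.request

API_KEYS_PATH = "/v1/api/apiKeys"  # path given on this page


def build_revocations(base_url, token, idp_active, key_owners):
    """Build DELETE requests for key owners who are no longer active in the IdP.

    idp_active: e-mails of users still active (and still holding an Edge role).
    key_owners: e-mails known to hold API access key sets (operator-supplied).
    """
    active = {e.strip().lower() for e in idp_active}
    requests = []
    for email in sorted({e.strip() for e in key_owners}):
        if email.lower() in active:
            continue  # still provisioned, keep the keys
        # Percent-encode the address: an unencoded '+' in a query string is
        # read as a space, so keys for 'jo+ops@...' would silently survive.
        query = urllib.parse.urlencode({"email": email})
        requests.append(urllib.request.Request(
            f"{base_url.rstrip('/')}{API_KEYS_PATH}?{query}",
            method="DELETE",
            headers={"Authorization": f"Bearer {token}"},  # assumed auth scheme
        ))
    return requests


def revoke(requests, dry_run=True):
    """Send the requests; in dry-run mode only report what would be sent."""
    results = []
    for req in requests:
        if dry_run:
            results.append((req.full_url, "dry-run"))
            continue
        with urllib.request.urlopen(req, timeout=10) as resp:
            results.append((req.full_url, resp.status))
    return results


if __name__ == "__main__":
    # Constructed sample data; edge.example.invalid is a placeholder host.
    still_active = ["alice@example.com"]
    owners = ["Alice@Example.com", "jo+ops@example.com", "bob@example.com"]
    reqs = build_revocations("https://edge.example.invalid", "TOKEN",
                             still_active, owners)
    for url, status in revoke(reqs):  # dry run by default
        print(status, url)
```

Review the dry-run output before calling revoke(reqs, dry_run=False) with a System Administrator token.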