BlueCat DNS Edge can leverage a Single Sign-On (SSO) integration to authenticate and provide access to users within SSO environments. BlueCat DNS Edge can be configured as a Service Provider in a SAML 2.0 Federation, enabling a single sign-on user experience. Once you have enabled the SSO integration, login access will be granted to users of an organization based on the authenticated session with the Identity Provider (IdP) and the role associated with that user in the IdP. DNS Edge only supports service provider (SP) initiated SSO.
Once you enable the SSO integration, you can't login to DNS Edge using credentials that
are locally created on the DNS Edge Cloud.
Note: If DNS Edge is unable to receive the
SAML response from the IdP that allows it to successfully authenticate users, local
system administrators can log in and modify the SSO integration through the DNS Edge
UI. If authentication fails for other reasons and you can't log in to the DNS Edge
UI, corporate users with the system administrative role can modify the SSO
integration through the DNS Edge API.
Enabling and configuring SSO involves the following steps:
Attention:
- BlueCat strongly recommends that the corporate system administrator users create a new API access key set after enabling the SSO integration.
- Once you have deleted or deactivated a user within your IdP or removed their Edge Role, a user with the System Administrator role must also remove any API access key sets associated with the inactive user using the /v1/api/apiKeys?email={email} (DELETE) method.