SSO integration - BlueCat DNS Edge

DNS Edge Deployment Guide


BlueCat DNS Edge can leverage a Single Sign-On (SSO) integration to authenticate and provide access to users within SSO environments. BlueCat DNS Edge can be configured as a Service Provider in a SAML 2.0 Federation, enabling a single sign-on user experience. Once you have enabled the SSO integration, login access will be granted to users of an organization based on the authenticated session with the Identity Provider (IdP) and the role associated with that user in the IdP. DNS Edge only supports service provider (SP) initiated SSO.

Once you enable the SSO integration, you can't log in to DNS Edge using credentials that are locally created on the DNS Edge Cloud.
Note: If DNS Edge is unable to receive the SAML response from the IdP that allows it to successfully authenticate users, local system administrators can log in and modify the SSO integration through the DNS Edge UI. If authentication fails for other reasons and you can't log in to the DNS Edge UI, corporate users with the system administrative role can modify the SSO integration through the DNS Edge API.
Attention:
  • BlueCat strongly recommends that the corporate system administrator users create a new API access key set after enabling the SSO integration.
  • Once you have deleted or deactivated a user within your IdP or removed their Edge Role, a user with the System Administrator role must also remove any API access key sets associated with the inactive user using the /v1/api/apiKeys?email={email} (DELETE) method.
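The key cleanup in the last item can be scripted as part of offboarding. The following is an added example, not BlueCat code: it compares the owners of existing API access key sets against the users still active in the IdP and builds the /v1/api/apiKeys?email={email} DELETE request for each stale owner. The base URL, the bearer-token Authorization header, the source of the two email lists and all function names are assumptions; only the path and the DELETE method come from this page.

```python
import urllib.parse
import urllib.request

API_KEYS_PATH = "/v1/api/apiKeys"  # path and DELETE method are taken from the page

# Constructed sample data: key-set owners (e.g. from your own inventory)
# and the users that are still active in the IdP.
KEY_OWNERS = ["alice@example.com", "Dev+CI@example.com",
              "bob@example.com", "dev+ci@example.com"]
ACTIVE_IDP_USERS = ["Alice@Example.com"]


def stale_key_owners(key_owner_emails, active_idp_emails):
    """Owners of API key sets who are no longer active in the IdP.

    Comparison is case-insensitive; the first-seen spelling is kept so the
    request uses the address as it was recorded."""
    active = {e.strip().lower() for e in active_idp_emails}
    seen, stale = set(), []
    for email in key_owner_emails:
        norm = email.strip().lower()
        if norm and norm not in active and norm not in seen:
            seen.add(norm)
            stale.append(email.strip())
    return stale


def build_delete_request(base_url, email, token):
    """Build the DELETE request for one user's key sets.

    The email is fully percent-encoded: an unencoded '+' in a query string
    is read as a space, so the wrong (or no) user would be matched."""
    query = "email=" + urllib.parse.quote(email, safe="")
    url = base_url.rstrip("/") + API_KEYS_PATH + "?" + query
    req = urllib.request.Request(url, method="DELETE")
    # Assumption: the API accepts a bearer token; use your deployment's scheme.
    req.add_header("Authorization", "Bearer " + token)
    return req


def revoke_stale_keys(base_url, token, key_owners, active_users, send=None):
    """Return {email: result}. With send=None nothing is sent (dry run);
    otherwise send(request) performs the call and its return value is kept."""
    results = {}
    for email in stale_key_owners(key_owners, active_users):
        req = build_delete_request(base_url, email, token)
        results[email] = "dry-run" if send is None else send(req)
    return results
```

Run it as a dry run first and review the returned addresses; to send the requests, pass a `send` callable that wraps `urllib.request.urlopen` and is authenticated as a user with the System Administrator role.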