Single Sign-On - Platform - BlueCat Gateway - 20.3.1

Gateway Administration Guide


BlueCat Gateway supports SSO via SAML 2.0 and acts as a Service Provider (SP) for SSO. In the SSO integration, users have the following login options with BlueCat Gateway:

  1. Log in from the BlueCat Gateway login page (SP-initiated SSO)
  2. Log in from the IdP login page (IdP-initiated SSO)

Supported IdPs

SSO on BlueCat Gateway has been tested on the following IdPs:

  • ADFS
  • OneLogin

If your organization is using a different IdP than those supported by BlueCat Gateway and Address Manager, you can still use the IdP as long as it adheres to the SAML 2.0 specification. For more information, refer to your IdP's documentation on how to configure a service provider.

Note: Currently, BlueCat Gateway only supports a single IdP; multiple IdPs are not supported.

SP-initiated SSO

In SP-initiated SSO, you log in to BlueCat Gateway directly using your company's SSO credentials. When you log in through BlueCat Gateway, BlueCat Gateway sends an authentication request to the IdP. The IdP validates your credentials and, once validation is successful, generates an access token. The IdP then redirects you back to BlueCat Gateway with the access token, and you are granted access.

The diagram below illustrates the SP-initiated SSO authentication process:

IdP-initiated SSO

In IdP-initiated SSO, you log in to BlueCat Gateway through the IdP login page using your company's SSO credentials. When you log in through the IdP login page, the IdP validates your credentials and, once validation is successful, generates an access token. The IdP then redirects you to BlueCat Gateway.
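The following added example (generic SAML 2.0 in Python, not BlueCat Gateway's own code) shows the authentication request an SP sends in SP-initiated SSO and how an SP can tell that flow apart from IdP-initiated SSO by whether the IdP's reply references a request the SP issued. The endpoint URLs, function names and sample responses are assumptions constructed for illustration.

```python
import base64
import secrets
import xml.etree.ElementTree as ET
import zlib
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Hypothetical endpoints (assumptions, not BlueCat Gateway values).
IDP_SSO_URL = "https://idp.example.com/sso"
SP_ENTITY_ID = "https://gateway.example.com/sp"
SP_ACS_URL = "https://gateway.example.com/acs"

def build_authn_request_url(pending, issue_instant):
    """SP-initiated step 1: build an AuthnRequest and the redirect URL to the IdP."""
    request_id = "_" + secrets.token_hex(16)
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
           f'AssertionConsumerServiceURL="{SP_ACS_URL}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    # HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding.
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    pending.add(request_id)  # remember the ID so the reply can be correlated
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return request_id, f"{IDP_SSO_URL}?{query}"

def decode_redirect(url):
    """IdP side: recover the AuthnRequest element from the redirect URL."""
    encoded = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return ET.fromstring(zlib.decompress(base64.b64decode(encoded), -15))

def classify_response(response_xml, pending):
    """SP side: decide which flow a SAML Response belongs to.
    Signature, audience and validity-window checks are omitted here; a real
    SP must perform them before trusting anything in the response."""
    in_response_to = ET.fromstring(response_xml).get("InResponseTo")
    if in_response_to is None:
        return "idp-initiated"  # unsolicited: no AuthnRequest preceded it
    if in_response_to in pending:
        pending.discard(in_response_to)  # each request ID is accepted once
        return "sp-initiated"
    return "rejected"  # unknown or already-used request ID

def sample_response(in_response_to=None):
    """Constructed sample Response (not captured from any IdP)."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"{attr}/>'
```

Because an IdP-initiated response has no request ID to correlate against, the SP relies entirely on the signature, audience and validity checks that this sketch leaves out.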

The diagram below illustrates the IdP-initiated SSO authentication process: