BlueCat Gateway supports SSO via SAML 2.0 and acts as a Service Provider (SP) for SSO. In the SSO integration, users have the following login options with BlueCat Gateway:
- Log in from the BlueCat Gateway login page (SP-initiated SSO)
- Log in from the IdP login page (IdP-initiated SSO)
Currently, BlueCat Gateway only supports a single IdP; multiple IdPs are not supported.
SSO with Okta identity providers is supported only through SAML 2.0. Okta OAuth 2.0 (with OpenID Connect) is not supported at this time.
SP-initiated SSO
In SP-initiated SSO, you log in to BlueCat Gateway directly using your company's SSO credentials. When you log in through BlueCat Gateway, BlueCat Gateway sends an authentication request to the IdP. The IdP validates your credentials and, once validation is successful, generates an access token. The IdP redirects the access token to BlueCat Gateway and grants access.
The diagram below illustrates the SP-initiated SSO authentication process:
IdP-initiated SSO
In IdP-initiated SSO, you log in to BlueCat Gateway through the IdP login page using your company's SSO credentials. When you log in through the IdP login page, the IdP validates your credentials and, once validation is successful, generates an access token. The IdP now redirects you to BlueCat Gateway.
The diagram below illustrates the IdP-initiated SSO authentication process:
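At the SAML 2.0 message level, the two flows described above differ in whether the IdP's Response answers an AuthnRequest that the SP sent: an SP-initiated Response carries an `InResponseTo` attribute matching the request ID, while an IdP-initiated Response is unsolicited and has none. The following is an added example, not BlueCat Gateway code, showing how a generic SP can correlate the two; the `ServiceProvider` class, its `allow_unsolicited` setting and the `idp_response` helper are hypothetical, the messages are constructed, and signature and assertion validation (required in any real SP) is left out.

```python
import secrets
import xml.etree.ElementTree as ET  # production code parsing untrusted XML should use a hardened parser

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
ET.register_namespace("samlp", SAMLP)


class ServiceProvider:
    """Hypothetical SP model for illustration; not BlueCat Gateway's implementation."""

    def __init__(self, allow_unsolicited):
        self.allow_unsolicited = allow_unsolicited  # accept IdP-initiated logins?
        self.pending = set()  # IDs of AuthnRequests sent and not yet answered

    def start_login(self):
        """SP-initiated step 1: build an AuthnRequest and remember its ID."""
        req_id = "_" + secrets.token_hex(16)
        self.pending.add(req_id)
        req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {"ID": req_id, "Version": "2.0"})
        return req_id, ET.tostring(req, encoding="unicode")

    def classify_response(self, response_xml):
        """Return 'sp-initiated', 'idp-initiated' or 'rejected'."""
        resp = ET.fromstring(response_xml)
        if resp.tag != f"{{{SAMLP}}}Response":
            return "rejected"
        in_response_to = resp.get("InResponseTo")
        if in_response_to is None:  # unsolicited response: IdP-initiated flow
            return "idp-initiated" if self.allow_unsolicited else "rejected"
        if in_response_to in self.pending:
            self.pending.discard(in_response_to)  # each request ID is accepted once
            return "sp-initiated"
        return "rejected"  # unknown or already-used request ID


def idp_response(in_response_to=None):
    """Constructed IdP Response; the signed assertion is omitted."""
    attrs = {"ID": "_" + secrets.token_hex(16), "Version": "2.0"}
    if in_response_to is not None:
        attrs["InResponseTo"] = in_response_to
    return ET.tostring(ET.Element(f"{{{SAMLP}}}Response", attrs), encoding="unicode")


if __name__ == "__main__":
    sp = ServiceProvider(allow_unsolicited=True)
    req_id, _ = sp.start_login()
    print(sp.classify_response(idp_response(req_id)))  # answers our request
    print(sp.classify_response(idp_response(req_id)))  # same ID replayed
    print(sp.classify_response(idp_response()))        # no InResponseTo
```

Because an unsolicited Response cannot be tied to a request the SP issued, an SP that accepts IdP-initiated logins relies entirely on signature, audience, and validity-window checks for those responses.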