Single Sign-On - Platform - BlueCat Gateway - 23.1

Gateway Administration Guide


BlueCat Gateway supports Single Sign-On (SSO) via SAML 2.0 and acts as a Service Provider (SP) for SSO. In the SSO integration, users have the following login options with BlueCat Gateway:

  1. Log in from the BlueCat Gateway login page (SP-initiated SSO)
  2. Log in from the IdP login page (IdP-initiated SSO)

Supported IdPs

SSO on BlueCat Gateway has been tested on the following IdPs:
  • ADFS
  • OneLogin
If your organization is using a different IdP than those supported by BlueCat Gateway and Address Manager, you can still use the IdP as long as it adheres to the SAML 2.0 specification. For more information, refer to your IdP's documentation on how to configure a service provider.
Note:

Currently, BlueCat Gateway only supports a single IdP; multiple IdPs are not supported.

SSO with Okta identity providers is supported only through SAML 2.0. Okta OAuth 2.0 (with OpenID Connect) is not supported at this time.

SP-initiated SSO

In SP-initiated SSO, you log in to BlueCat Gateway directly using your company's SSO credentials. When you log in through BlueCat Gateway, BlueCat Gateway sends an authentication request to the IdP. The IdP validates your credentials and, once validation is successful, generates an access token. The IdP redirects the access token to BlueCat Gateway and grants access.

The diagram below illustrates the SP-initiated SSO authentication process:

IdP-initiated SSO

In IdP-initiated SSO, you log in to BlueCat Gateway through the IdP login page using your company's SSO credentials. When you log in through the IdP login page, the IdP validates your credentials and once validation is successful, the IdP generates an access token. The IdP now redirects you to BlueCat Gateway.
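
The following is an added example, not BlueCat Gateway code: it shows how a SAML 2.0 SP can tell the two flows above apart, because the reply to an SP-initiated AuthnRequest carries an `InResponseTo` value matching that request, while an IdP-initiated (unsolicited) Response carries none. The URLs and function names are hypothetical, and verification of the Response signature is assumed to happen before this check.

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed placeholder endpoints (not real BlueCat Gateway or IdP URLs).
SP_ENTITY_ID = "https://gateway.example.test/sp"
SP_ACS_URL = "https://gateway.example.test/acs"
IDP_SSO_URL = "https://idp.example.test/sso"


def build_authn_request(pending):
    """SP-initiated step: create an AuthnRequest and remember its ID."""
    request_id = "_" + secrets.token_hex(16)  # unguessable, valid XML ID
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": IDP_SSO_URL,
        "AssertionConsumerServiceURL": SP_ACS_URL,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    pending.add(request_id)
    return request_id, ET.tostring(req, encoding="unicode")


def classify_response(response_xml, pending, allow_idp_initiated):
    """Return 'sp-initiated' or 'idp-initiated', or raise ValueError.

    Assumes the signature was verified earlier with a hardened XML parser.
    """
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML Response")
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        # Unsolicited response: only valid when IdP-initiated SSO is enabled.
        if not allow_idp_initiated:
            raise ValueError("unsolicited response rejected")
        return "idp-initiated"
    if in_response_to not in pending:
        raise ValueError("InResponseTo does not match a pending request")
    pending.discard(in_response_to)  # one-time use, so a replay fails
    return "sp-initiated"
```

Keeping the set of pending request IDs per browser session, rather than globally, also ties each response to the user who started the login.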

The diagram below illustrates the IdP-initiated SSO authentication process: