This guide walks through how to configure your account to use a SAML-based identity provider (IdP) so that your users can sign in to the Blueshift dashboard. OneLogin is used in this example, but SAML can be configured with any identity provider that supports SAML 2.0, such as G Suite.
- Create an App in OneLogin
- Configuring the App in OneLogin
- Configuring Blueshift For Single Sign On
- Using Single Sign On

Create an App in OneLogin
- Go to the Administration Section
- Go to Apps -> Add App
- Find and select the "SAML Test Connector (IdP)" App
- Give your app a display name (e.g. Blueshift Dashboard)

Configuring the App in OneLogin
- Open a new browser tab and navigate to https://app.getblueshift.com/dashboard#/app/account/sso
- Copy the "Consumer Url"
- Go to the "Configuration" tab of the newly created OneLogin SAML app
- Paste the "ACS Consumer Url" from Blueshift into the "ACS (Consumer) URL" input and the "Recipient" input of the OneLogin SAML app
- Copy the "Entity Id" from Blueshift and paste it into the "Audience" input of the OneLogin SAML app
- Enter https:\/\/app.getblueshift.com\/users\/auth\/saml\/callback into the "ACS (Consumer) URL Validator*" input of the OneLogin SAML app
- Click the "Save" button in OneLogin

Configuring Blueshift For Single Sign On
- Go to the "SSO" tab of the OneLogin SAML app
- Click on "View Details" of the X.509 Certificate and copy the certificate
- Paste the certificate into the "X.509 Certificate" field in Blueshift
- Copy the "SAML 2.0 Endpoint (HTTP)" from OneLogin and paste it into the "
- Click the "Save" button in Blueshift

Using Single Sign On
- Once the SAML configuration is successfully saved, sign out of Blueshift.
- Sign back in to Blueshift via SAML by entering your email only (no password).
- The authentication process will automatically redirect you to sign in via the OneLogin application.
Important Note: In order to sign in to Blueshift, a user needs to be authenticated via a matching email and authorized to use the app by the Identity Provider. For example, if your email in Blueshift is firstname.lastname@example.org, then the OneLogin app also needs to have a user with that same email address associated with the Blueshift SAML app.
If you get locked out of your account while attempting to configure SAML single sign-on, you can access the password-based login via https://app.getblueshift.com/users/sign_in?pw=1.
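
Added example (not from the Blueshift or OneLogin documentation): the "ACS (Consumer) URL Validator" value in the OneLogin configuration steps is a regular expression, and this Python check runs it against constructed URLs to show what an unanchored pattern with unescaped dots accepts, next to an anchored variant. How OneLogin applies the pattern (search or full match) is an assumption here, and `STRICT_VALIDATOR`, the helper functions and the candidate URLs are constructed for illustration.

```python
import re

# Validator value exactly as this guide gives it for the OneLogin app.
GUIDE_VALIDATOR = r"https:\/\/app.getblueshift.com\/users\/auth\/saml\/callback"

# Stricter variant (added here, not from the guide): anchored, dots escaped.
STRICT_VALIDATOR = r"^https:\/\/app\.getblueshift\.com\/users\/auth\/saml\/callback$"

# The one ACS URL the guide's validator is meant to allow.
EXPECTED = "https://app.getblueshift.com/users/auth/saml/callback"

# Constructed candidate ACS URLs; only the first is the real callback.
CANDIDATES = [
    EXPECTED,
    "https://app.getblueshift.com/users/auth/saml/callback.other.example/x",
    "https://other.example/?next=https://app.getblueshift.com/users/auth/saml/callback",
    "https://appXgetblueshift.com/users/auth/saml/callback",
    "http://app.getblueshift.com/users/auth/saml/callback",
]


def accepted(pattern, urls, full_match=False):
    """Return the URLs a validator pattern accepts.

    full_match=False models an unanchored search (assumed semantics);
    full_match=True models an engine that requires the whole URL to match.
    """
    rx = re.compile(pattern)
    matcher = rx.fullmatch if full_match else rx.search
    return [u for u in urls if matcher(u)]


def unexpected(pattern, urls, expected=EXPECTED, full_match=False):
    """Return accepted URLs other than the single expected ACS URL."""
    return [u for u in accepted(pattern, urls, full_match) if u != expected]


if __name__ == "__main__":
    for name, pat in (("guide", GUIDE_VALIDATOR), ("strict", STRICT_VALIDATOR)):
        extra = unexpected(pat, CANDIDATES)
        print(f"{name}: {len(extra)} unexpected URL(s) accepted")
        for url in extra:
            print("   ", url)
```

Even under full-match semantics the guide's pattern still accepts the `appXgetblueshift.com` candidate, because the unescaped `.` matches any character.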