Single sign-on (SSO) setup

Overview

Seven Bridges Single Sign-On (SSO) is a service that lets you grant your users access to all of their Seven Bridges accounts and applications from one place.

You can connect your existing identity source, such as Microsoft Active Directory, Okta Universal Directory, or Azure Active Directory (Azure AD).

Your users will be able to sign in with a single set of credentials configured within your identity provider (IdP), and access all of their Seven Bridges accounts and applications in a single place.

Procedure

  1. Contact our Support Team to get the new identity provider (IdP) registered within the Seven Bridges authentication system.
  2. The Support Team will then contact you and send you the XML metadata file that is generated and assigned to your account.
  3. Using the metadata file, you can create a new application in your identity management system that will be used for authentication on the Seven Bridges Platform.
  4. From there you can generate your application XML metadata file and share it with our Support Team so that we can complete the integration on our end.
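
Before creating the application in step 3, it is worth confirming what the metadata file from step 2 declares. The Python below is an added example, not Seven Bridges code: the sample XML and its sp.example.test URLs are constructed placeholders, and summarize_sp_metadata is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
# Constructed sample, not real Seven Bridges metadata; every URL is a placeholder.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml/metadata">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Location="https://sp.example.test/saml/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _endpoints(sp, tag):
    """(binding short name, URL) pairs for one endpoint element type."""
    return [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
            for e in sp.findall("md:" + tag, NS)]


def summarize_sp_metadata(xml_text):
    """Return (fields to enter in the IdP, problems to resolve first)."""
    # Metadata never needs a DTD; rejecting one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing metadata that carries a DTD or entities")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % MD or sp is None:
        raise ValueError("not SAML 2.0 service-provider metadata")
    info = {
        "entity_id": root.get("entityID"),
        "acs": _endpoints(sp, "AssertionConsumerService"),
        "slo": _endpoints(sp, "SingleLogoutService"),
        "name_id_formats": [(n.text or "").strip() for n in sp.findall("md:NameIDFormat", NS)],
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
    }
    problems = []
    if SAML2 not in sp.get("protocolSupportEnumeration", "").split():
        problems.append("SAML 2.0 protocol not advertised")
    if not info["acs"]:
        problems.append("no AssertionConsumerService endpoint")
    for _binding, url in info["acs"] + info["slo"]:
        if not url.startswith("https://"):
            problems.append("endpoint not HTTPS: " + url)
    return info, problems
```

The same function can be pointed at the metadata file your own identity management system generates in step 4 only after adapting it to look for IDPSSODescriptor instead of SPSSODescriptor.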

FAQ

What is the Authentication Type?
SAML 2.0

Is the relay state parameter required?
No.

How can administrators control who can sign in using SSO?
Please use the administrative management console for your identity management service to manage SSO users for your organization.

Is single logout (SLO) supported?
Yes, both SP-initiated and IdP-initiated logout flows are supported, as defined by the SAML protocol.

Is IdP-initiated SSO supported?
Yes. To log in, users should first access their identity management SSO portal and select the Seven Bridges application. They will then be automatically redirected to the Seven Bridges Platform.

Is SP-initiated SSO supported?
Yes. When a user enters an email on the Seven Bridges login page, they will be redirected to the identity provider platform for identity confirmation.

Are SSO users automatically added to their Seven Bridges organization and billing account?
Users need to be invited to a division by the division admin. Once the invitation email arrives, they can go through the registration process and confirm their identity on the identity management side (if not already logged in).

Is there any process when a user logs in for the first time, so the system can create a new account and grant access (Auto Provisioning)?
Existing users automatically go through the upgrade flow once the new identity provider is identified for your enterprise account.

For all new users, an invitation to a division will need to be sent in order for the SSO process to work successfully.

After the user creates the account, they will be redirected to the IdP platform in order to complete a login flow.

What kind of unique ID does the current system use?
The unique ID is configurable, and the configured value is the one sent in the exchange process.

Is the unique ID case sensitive?
The unique ID is not case sensitive. It needs to be sent unchanged in order for login to be successful.

What kind of attributes are required in SAML assertions?
No value other than the unique ID is required, but where possible it is good to send as much information as you can (such as First Name and Last Name), since these values are used for autosuggest on the registration form.

Certificate concerns (SHA-1 or SHA-256)?
SHA-256