SSO Integration

The following outlines the requirements for SSO integration with BluSKY.

Requirements also include:

SSO one time Software License

SSO Integration Pro Services

SSO Integration BluSKY license

SSO integration with BluSKY varies depending upon each customer’s requirements. The below outline a basic SSO integration with BluSKY.

We need (from customer IT):

-EntityId (Name of IDP)

-is the Authentication Request Signed?

-is the Logout Request Signed (may be N/A)?

-Want the Assertion Encrypted?

-Want the Logout Response Signed (may be N/A)?

-SingleSignOnServiceUrl

-SingleLogoutServiceUrl(may be N/A)

-PartnerCertificateFile (and any unique CA roots)

We will provide:

-EntityId: https://blusky.blub0x.com/saml20

-AssertionConsumerServiceUrl: https://blusky.blub0x.com/en-us/account/SAML

-A BluSKY certificate (p7b)

BluSKY SSO Functionality:

After the above configurations are provided and setup, the customer would go to the login page in BluSKY and would click on the link that says “My company uses single sign on”.  They would enter their email address (technically, all it needs is the email domain so you can enter b@emailaddress.com) and click the Ok button next to it. 

The user should be redirected to your Identity Provider (IdP) to authenticate and redirected back to BluSKY. This of course is the service-provider (SP) initiated SSO that will most likely be used when a user keeps their browser open overnight and their BluSKY session expires. The user would be taken to our login page and perform this activity to re-authenticate with their IDP (and get redirected back to BluSKY).

For IDP initiated SSO, you’d probably have a link on your desktop that would take them to your IDP and redirect to BluSKY. If they’re already authenticated with the IdP (through their desktop login), then the IDP would just redirect them to BluSKY directly, otherwise they’d need to authenticate with the IDP first.