Configuring SAML for your organization allows your users to sign in to Blue Matador by authenticating to your SAML Identity Provider (Microsoft Active Directory, Google Apps for business, Okta, etc.).
- Sign in from Blue Matador: Users can go to bluematador.com > Sign In > select SAML Login and enter their work email to begin the authentication process. If they are already signed in to your Identity Provider system, they’ll be automatically redirected to Blue Matador as an authenticated user.
- Sign in from your Identity Provider: Users can go to your “Enterprise Apps” portal and click the Blue Matador app to sign in. Identity Providers typically provide a portal that lists all of the enterprise applications your users can access through a single click. For example: myapps.microsoft.com (for Azure AD).
- Auto-provisioning users: New users will be automatically provisioned as they authenticate. By default, users have "user" permissions, which an account admin can change to "admin" permissions via Account > Users.
To start the process, you will need either the Blue Matador metadata XML file OR the Blue Matador entity ID and assertion consumer URL. You can get these values from the Blue Matador SAML Config page.
On Your Identity Provider
1. Create an “app” for Blue Matador on your Identity Provider system by providing the Blue Matador metadata XML file OR by entering the Blue Matador entity ID and assertion consumer URL. How this is done depends on each system.
2. Download the Identity Provider metadata XML file provided by your Identity Provider.
3. Add your users to the app you created in Step 1.
4. Set up mappings for the following attributes:
   - first_name: The first name, or given name, of your users
   - last_name: The last name, or surname, of your users
If given the option to include an icon, feel free to use this Blue Matador logo:
On Blue Matador
1. Upload the Identity Provider metadata XML file to the SAML Config page on Blue Matador.
2. Optionally, submit email domains that your users will use to sign in. Email domains must be approved by Blue Matador before they will be activated for automatic provisioning.
3. Test your SAML configuration by logging in to your Blue Matador account in a separate browser session.