Skip to main content
All CollectionsGuidesIntegrations
How does the Single Sign-On (SSO) integration work?
How does the Single Sign-On (SSO) integration work?

Learn more about setting up and using the BlueTally Single Sign-On integration

Updated over a week ago

The BlueTally Single Sign-on integration lets your team members log in and use the app without the need to manually create accounts and new passwords.

Setup

We have dedicated setup guides with screenshots and detailed steps for the most popular platforms:

BlueTally adheres to the SAML SSO standard, which means that we support all SAML-compliant identity providers, even ones we don't have a dedicated setup guide for, like Duo SSO. In that case, you can still refer to one of the setup guides above to get a general understanding of the steps required to set this up.

Configuration

Once you've followed the steps in the relevant setup guide, you will need to provide us with these two things from your Identity Provider:

  1. SSO Certificate

  2. Endpoint/Target URL

Both of these can be uploaded to your BlueTally account by clicking on the profile icon in the top right corner, then clicking on Settings, then clicking on the Single Sign-On (SSO) link in the left navigation bar:

You'll also need to set which default permission level you'd like new users to have.

We recommend setting this to My Items, that means that new users will only be able to see a list of assets assigned to them when they first sign in. You can change this later.

If you haven't already set your Custom URL in BlueTally, you'll see a field for that as well here which needs to be completed.

Once you click Save, our team will finalize the SSO configuration from our end, and you'll receive an email once the setup has been completed. Please note that this can take up to 24 hours.

After SSO has been enabled, you'll see an option to change the default permission level, as well as fields to upload an updated SSO configuration. Please note that any updated SSO configuration will also require work from our team, and can take up to 24 hours to complete.

After new users sign in for the first time using SSO, they will appear under the Account Users section in your settings. Please note that users won't appear here until they've completed their first sign in.

User access management is done through your identity provider (e.g., Azure AD), where you can assign individuals or groups access to sign in to BlueTally via SSO.

Signing in with SSO

To sign in using SSO, you'll need to use your Custom URL to access BlueTally so that you're able to see the Sign in with SSO button for your company.

For example, if your Custom URL is mycompany.bluetallyapp.com, you'll need to use that link to see the SSO sign-in button. If you use the normal app.bluetallyapp.com link, you won't see this button.

Frequently Asked Questions

How do I give users access to sign in using SSO?

This is done from your Identity Provider's side (eg. Azure AD) in the BlueTally SSO application you created during the setup, there you'll be able to assign either individual users or user groups access to sign into BlueTally using SSO. Revoking access from users or user groups is also done from your Identity Provider's side.

Can I still invite users with email/password after SSO has been enabled?

This isn't possible by default, but if you would like to have this ability enabled on your account, please reach out to our support team and we will assist you.

Can I update my SSO configuration after it's been enabled?

Sure, you can submit your new SSO configuration under the Single Sign-On (SSO) section in your account settings, and our team will have it updated for you. Please note that this can take up to 24 hours.

How do I disable SSO after it's been enabled?

Please reach out to our support team to have SSO disabled on your account.

How do I change a user's permission level?

After the user has completed their first SSO sign in, they'll appear in the Account Users list in your BlueTally settings. From there, you need to click on Edit User and you'll see an option to change their permission level from there. As of now, it's not possible to sync this information from your identity provider, but this is on the roadmap.

Can you have multiple SSO integrations on the same account?

Unfortunately this isn't possible, it's only possible to have one SSO setup per account.

Did this answer your question?