The BlueTally Single Sign-on integration lets your team members log in and use the app without the need to manually create accounts and new passwords.
Setup
We have dedicated setup guides with screenshots and detailed steps for the most popular platforms:
BlueTally adheres to the SAML SSO standard, which means that we support all SAML-compliant identity providers, even ones we don't have a dedicated setup guide for, like Duo SSO. In that case, you can still refer to one of the setup guides above to get a general understanding of the steps required to set this up.
To complete the SSO setup in your identity provider, you'll need your unique SSO ID. This can be found in Settings -> Single Sign-On (SSO) in your BlueTally account.
Configuration
Once you've followed the steps in the relevant setup guide, you will need to provide us with these two things from your Identity Provider:
SSO Certificate
Endpoint/Target URL
Both of these can be uploaded to your BlueTally account by clicking on the profile icon in the top right corner, then clicking on Settings, then clicking on the Single Sign-On (SSO) link in the left navigation bar:
You'll also need to set which default permission level you'd like new users to have.
We recommend setting this to My Items, which means that new users will only be able to see a list of assets assigned to them when they first sign in. You can change this later.
Once you click Save, our team will finalize the SSO configuration from our end, and you'll receive an email once the setup has been completed. Please note that this can take up to 24 hours.
After SSO has been enabled, you'll see an option to change the default permission level, as well as fields to upload an updated SSO configuration. Please note that any updated SSO configuration will also require work from our team and can take up to 24 hours to complete.
After new users sign in for the first time using SSO, they will appear under the Account Users section in your settings. Please note that users won't appear here until they've completed their first sign-in.
User access management is done through your identity provider (e.g., Azure AD), where you can assign individuals or groups access to sign in to BlueTally via SSO.
Signing in with SSO
To sign in using SSO, click the ‘Sign in with SSO’ button. You’ll be taken to a dedicated SSO sign-in page where you can enter your email address. From there, you’ll be redirected to your organization’s SSO login page for authentication.
Frequently Asked Questions
How do I give users access to sign in using SSO?
This is done from your Identity Provider's side (eg. Azure AD) in the BlueTally SSO application you created during the setup. There, you'll be able to assign either individual users or user groups access to sign into BlueTally using SSO. Revoking access from users or user groups is also done from your Identity Provider's side.
Can I still invite users with email/password after SSO has been enabled?
This isn't possible by default, but if you would like to have this ability enabled on your account, please reach out to our support team, and we will assist you.
Can I update my SSO configuration after it's been enabled?
Sure, you can submit your new SSO configuration under the Single Sign-On (SSO) section in your account settings, and our team will have it updated for you. Please note that this can take up to 24 hours.
Will I lose access to my account while BlueTally is updating my SSO configuration?
No, you will still be able to log in to your account while our team is completing or updating your SSO configuration on our end. At no point will you be locked out of your account during this process.
How do I disable SSO after it's been enabled?
Please reach out to our support team to have SSO disabled on your account.
How do I change a user's permission level?
After the user has completed their first SSO sign-in, they'll appear in the Account Users list in your BlueTally settings. From there, you need to click on Edit User, and you'll see an option to change their permission level from there. As of now, it's not possible to sync this information from your identity provider, but this is on the roadmap.
Can you have multiple SSO integrations on the same account?
Unfortunately this isn't possible; it's only possible to have one SSO setup per account.