Enabling Blueprint Federated Authentication

After configuring your identity provider to work with Blueprint, you must enable federated authentication in Blueprint.

To enable Blueprint federated authentication:

  1. Open the Instance Administration Console.
  2. Click Federated Authentication Settings.
  3. Select the Enable Federated Authentication option.
  4. Set your federated authentication settings:
  • Click Replace certificate to upload your Identity Provider Certificate. The certificate must be in DER format.
Certificates have an expiry date. Make sure you replace your certificate before it expires or users will be unable to access Blueprint.
  • Login URL: Defines your Identity Provider Login Service URL. This is the URL that Blueprint navigates to when the user clicks the Go button on the login screen. At this time, the Identity Provider returns a authentication token to Blueprint to authenticate the user.

Example: https://idp.domain.com/adfs/ls/

  • Logout URL: Defines the URL to navigate to after a user clicks the Logout button in Blueprint. This behavior is not applicable if a user is logged in with fallback authentication.
  • Error URL (optional): If a token error occurs, the user is redirected to the specified URL. The specific error is included as a GET parameter in the URL.
    If an Error URL is not provided, Blueprint displays the token errors in the popup window.
  • Login Prompt (optional): Defines the login text that appears on the login screen when Federated Authentication is enabled:

The default text is:

Login with Corporate Credentials

  • Customize electronic signature prompt (optional): Defines the text that appears on the electronic signature message when Federated Authentication is enabled. If you require signatures for the review process, users are asked to confirm their identity in order to approve or reject an artifact. When federated authentication is enabled, users will be able to use this federated identity to sign off.
  1. If Active Directory integration is enabled, and for federated authentication your identity provider is configured to only pass on a username, select Allow SSO User Authentication without a Domain Name and list all domain names:
  • Click Add, then click the newly created line and enter the domain.
  • Do not include the backslash. For example, when entering to account for "DOMAIN\username", only enter "domain".
  • Domains will be applied in the order they are listed.
  1. Click Save