- February 12, 2024: Azure AD renamed to Microsoft Entra ID.
- April 21, 2023: Lowercase “s” for “Bitsight.”
- February 27, 2023: Added the SAML sign-in process.
Microsoft Entra ID, a cloud version of an Active Directory Federation Service (ADFS), integrates with the Bitsight platform single sign-on (SSO) service. Refer to the following guide to integrate the Bitsight platform single sign-on (SSO) service with the Microsoft Entra ID cloud IDP service.
- Getting Started
- Basic SAML Configuration
- User Attributes & Claims
- Downloading and Uploading Metadata
Getting Started
- Start the SAML sign-on method from the Azure dashboard.
- Go to Microsoft Entra ID (formerly Azure Active Directory) from the left navigation menu.
- Create a new Non-gallery application.
Basic SAML Configuration
- Go to the SAML page in the Bitsight platform.
- Take note of your organization’s Entity ID [entity_guid] and Assertion Consumer Service URL.
- Add the following information to the Basic SAML Configuration section in Microsoft Entra ID (field: value):
  - Identifier (Entity ID): the Entity ID noted from the Bitsight SAML page
  - Reply URL (Assertion Consumer Service URL): the Assertion Consumer Service URL noted from the Bitsight SAML page
  - Sign on URL
User Attributes & Claims
Unique User Identifier (Name ID)
Refer to the following conditions for the Manage claim page:
Optional Attributes (Not Required)
- This can be specified in place of the last name field if the user’s name is not of the form “Firstname Lastname.”
- This specifies the user’s group. If the group does not already exist, it will be created and will initially be empty. If not specified, the default group is used.
- This specifies the user’s role in the Bitsight platform. If not specified, the user is given the standard User role. Otherwise, it must be one of these strings:

Ensure the string values are an exact match, including the spaces.
Downloading and Uploading Metadata
Once you have configured SAML and the user attributes and claims, download the metadata (.xml) from Microsoft Entra ID and upload it to the Bitsight platform.
- Select the Download link by the Federation Metadata XML option in the SAML Signing Certificate section in Microsoft Entra ID.
- Navigate to the SAML page in the Bitsight platform.
- Select the Load from URL button within the SAML Metadata section.
- Select the XML file downloaded from Microsoft Entra ID (step 1).
After you’ve submitted your SAML metadata, you can enable SAML by activating the Enable Configuration toggle.
Once you’ve enabled SAML for your organization and a user has logged in successfully with SAML, all existing passwords will be disabled for non-administrator users. Users will have to log into the Bitsight platform using the single sign-on URL provided on the SAML page. Administrators’ passwords will be disabled once they have logged in successfully using SAML.
Your URL will appear in the Your SAML Identity Provider (IdP) Settings for Primary section once SAML is enabled, which will contain either the Service Provider-initiated URL or an Identity Provider-initiated URL if a custom one was configured.
SAML users must use the sign-on URL to log in. Using past credentials on the Bitsight landing page will generate an error.
- Once SAML setup is complete, sign in to Microsoft Entra ID using SSO to verify user permissions.
- Visit the sign-on URL: https://service.bitsighttech.com/sso/vanity_name
New users are automatically assigned the User role. If you would like to give them admin privileges, they will need to first log in to the Bitsight platform using SAML. You (the admin) can then use the Users tab in the Access Control page to change their permissions.
Default Access Control Group
When users are created using SAML, they will be placed in the default access control group. If a default group is not set, new users will have access to all companies in the portfolio.
The default group for your portfolio can be changed from the Groups tab in the Access Control page.
Managing Access Control Groups
If you’d like to move a user from their default access control group to a different group, use the Access Control page to modify a user’s group.
If you decide you no longer want to use single sign-on for accessing the Bitsight platform, you can deactivate it using the Enable Configuration toggle.
Disabling SAML will require all users, including administrators, to reset their passwords. They can reset their password using the Forgot your password? link on the login page.