Login.gov Initial Setup Ingrid Login.gov provides a public, secure, and private online access to participating government programs. With one Login.gov account, users can sign in to multiple government agencies.Differences between Login.gov and other SAML Identity Providers (IdP): Login.gov provides authentication but not authorization. As a result, users cannot be automatically provisioned in the Bitsight platform through Login.gov. Instead, they will need to be manually added. Login.gov does not support IdP-initiated (Identity Provider-initiated) sign on; all logins must be SP-initiated (Service Provider-initiated) from the provided single sign-on URL. See “Your Bitsight SP-initiated login URL” in the SAML page. Requirements A Login.gov account. You’re an Admin (Customer Admin) user in the Bitsight platform. Ensure the email for your Admin account matches your email address in Login.gov. If it doesn’t match, you can either update your Bitsight email address from the Users tab of the Access Control page or add an email to your Login.gov account that matches your Bitsight email. InstructionsHow to set up login.gov and SAML Go to the SAML page of the Bitsight platform. Enter the Login.gov SAML metadata. The contents of the metadata file will need to go into the Metadata form window. If copying metadata from the Login.gov site, you’ll need to remove the non-standard, NameIDFormat tags that's present in 2 places in the metadata in order for our system to accept it. <NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress </NameIDFormat> To load a pre-edited version of this metadata, download the metadata file (download XML), click Open File, and then select that file. Enable SAML for your customer by clicking Enable Configuration ➔ Update. Open a private browsing window (incognito mode), and then visit the single sign-on URL that’s provided in the SAML page. You should be redirected to Login.gov. For the first log in, the email address that's used to log in to Login.gov must match the email address of your Bitsight account. If you’re unable to log in for any reason, go back to your main browser that’s still logged into the Bitsight platform and revert the settings made above (step 3). Inform all members of your organization who are current Bitsight users that login.gov SAML is now enabled and instruct them to log in from the single sign-on URL going forward. A list of the active Bitsight users and their emails can be obtained from the /users API endpoint. Download the 2019 Login.gov metadata: metadata2019.xml December 17, 2024: Linked to permissions. November 9, 2020: The Manage Users page has been changed to the Users tab of the Access Control page. August 19, 2019: Published. Related articles SAML Setup Setting a Custom Login URL with SAML Configuring SAML Apps Microsoft Entra ID (Azure AD) Integration Guide Bitsight Password Policy Feedback 0 comments Please sign in to leave a comment.