Login.gov Initial Setup

Use the following instructions to set up the integration between Login.gov and SAML.

Requirements

• A Login.gov account.
• You’re an Admin (Customer Admin) user in the Bitsight platform. See permissions.
• Ensure the email for your Admin account matches your email address in Login.gov. If it doesn’t match, you can either update your Bitsight email address from the Users tab of the Access Control page or add an email to your Login.gov account that matches your Bitsight email.

Instructions

How to set up login.gov and SAML

1. Go to the SAML page of the Bitsight platform.
2. Enter the Login.gov SAML metadata. The contents of the metadata file will need to go into the Metadata form window.
   • If copying metadata from the Login.gov site, you’ll need to remove the non-standard, NameIDFormat tags that's present in 2 places in the metadata in order for our system to accept it.

     <NameIDFormat>
     urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress
     </NameIDFormat>

   • To load a pre-edited version of this metadata, download the metadata file (download XML), click Open File, and then select that file.
3. Enable SAML for your customer by clicking Enable Configuration ➔ Update.
4. Open a private browsing window (incognito mode), and then visit the single sign-on URL that’s provided in the SAML page. You should be redirected to Login.gov.
   • For the first log in, the email address that's used to log in to Login.gov must match the email address of your Bitsight account.
   • If you’re unable to log in for any reason, go back to your main browser that’s still logged into the Bitsight platform and revert the settings made above (step 3).
5. Inform all members of your organization who are current Bitsight users that login.gov SAML is now enabled and instruct them to log in from the single sign-on URL going forward.

   A list of the active Bitsight users and their emails can be obtained from the /users API endpoint.