Use the following instructions to set up the integration between Login.gov and SAML.
Requirements
- A Login.gov account.
- You’re an Admin (Customer Admin) user in the Bitsight platform.
- Ensure the email for your Admin account matches your email address in Login.gov. If it doesn’t match, you can either update your Bitsight email address from the Users tab of the Access Control page or add an email to your Login.gov account that matches your Bitsight email.
Instructions
How to set up Login.gov and SAML
- Enter the Login.gov SAML metadata. The contents of the metadata file will need to go into the Metadata form window.
  - If copying metadata from the Login.gov site, you’ll need to remove the non-standard NameIDFormat tags that are present in 2 places in the metadata in order for our system to accept it: <NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress </NameIDFormat>
- Enable SAML for your customer by clicking Enable Configuration ➔ Update.
- Open a private browsing window (incognito mode), and then visit the single sign-on URL that’s provided in the SAML page. You should be redirected to Login.gov.
- For the first login, the email address that's used to log in to Login.gov must match the email address of your Bitsight account.
- If you’re unable to log in for any reason, go back to your main browser that’s still logged into the Bitsight platform and revert the settings made above (step 3).
- Inform all members of your organization who are current Bitsight users that Login.gov SAML is now enabled and instruct them to log in from the single sign-on URL going forward. A list of the active Bitsight users and their emails can be obtained from the /users API endpoint.
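One way to do the NameIDFormat removal described above without hand-editing the XML, as an added example (not Bitsight or Login.gov code): it drops only the NameIDFormat elements carrying the value quoted in that step and raises an error unless exactly two were removed. The sample metadata, the idp.example.test URLs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# The value the step above says to remove.
NONSTANDARD = "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"
ET.register_namespace("md", MD_NS)

# Constructed sample, not real Login.gov metadata (entityID and URLs are placeholders).
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <NameIDFormat> urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress </NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor>
  <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.test/attr"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress</NameIDFormat>
  </AttributeAuthorityDescriptor>
</EntityDescriptor>"""


def strip_nameid_format(metadata_xml, value=NONSTANDARD, expected=2):
    """Return metadata without NameIDFormat elements equal to `value`; ValueError if count != expected."""
    root = ET.fromstring(metadata_xml)
    tag = f"{{{MD_NS}}}NameIDFormat"
    removed = 0
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag == tag and (child.text or "").strip() == value:
                parent.remove(child)
                removed += 1
    if removed != expected:
        raise ValueError(f"removed {removed} NameIDFormat elements, expected {expected}")
    return ET.tostring(root, encoding="unicode")


def remaining_formats(metadata_xml):
    """List the NameIDFormat values still present, for a check before pasting."""
    root = ET.fromstring(metadata_xml)
    return [(e.text or "").strip() for e in root.iter(f"{{{MD_NS}}}NameIDFormat")]


if __name__ == "__main__":
    cleaned = strip_nameid_format(SAMPLE)
    print(cleaned)
    print("NameIDFormat values kept:", remaining_formats(cleaned))
```

The serializer writes the metadata namespace with an md: prefix; certificates, endpoints and all other elements are left as they were.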
Download the 2019 Login.gov metadata:
- November 9, 2020: The Manage Users page has been changed to the Users tab of the Access Control page.
- August 19, 2019: Published.