
SafeNet Trusted Access for Bitglass

Overview

Configuring SafeNet Trusted Access for Bitglass is a three-step process:

1. Bitglass setup

2. SafeNet Trusted Access setup

3. Verify authentication

Bitglass Setup

As a prerequisite, download the Identity Provider Signing Certificate from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. You will need this certificate in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Bitglass:

1. Log in to Bitglass as an administrator using the https://portal.us.bitglass.net/accounts/login/ URL.

2. On the administrator dashboard, go to Apps and select Objects.

3. Under Objects, click the icon next to External IDP to add an external IdP.

4. On the SAML Authentication window, perform the following steps to register your SAML IdP with Bitglass:

a. In the Object Name field, enter a name that you want to register with your IdP.

b. In the IDP Type field, select Other IDP.

c. In the SAML IdP Login URL field, enter the SINGLE SIGNON SERVICE URL that is provided on the SafeNet Trusted Access console.

You can copy this URL by clicking the Copy to Clipboard icon available next to the SINGLE SIGNON SERVICE field.

d. In the SAML IdP Logout URL field, enter the SINGLE SIGNON SERVICE URL that is provided on the SafeNet Trusted Access console.

You can copy this URL by clicking the Copy to Clipboard icon available next to the SINGLE SIGNON SERVICE field.

e. In the SAML IdP Single Logout Request Method field, select GET.

f. In the Token Signing Certificate (PEM or DER format) field, click Choose File to search for and select the IdP certificate that you downloaded earlier from the STA console.

g. Click Save.

5. On the administrator dashboard, go to People and click the icon to add a Username Domain.

6. On the Username Domain window, perform the following steps:

a. In the Username Domain field, enter the domain name of the users whom you want to authenticate.

b. In the Authentication field, select the External Identity Provider option and select the Auto-provision users upon auth success check box.

c. In the IDP Object field, select the IDP Object (for example, Safenet) that you registered earlier in step 4.

d. Click Create.

SafeNet Trusted Access is now configured as the IdP in Bitglass.

Adding an End Application

Perform the following steps to add an application in Bitglass (for example, Freshservice):

1. On the administrator dashboard, go to Apps and select Policies.

2. Under Policies, click the icon next to Application and Policies.

3. On the Select a predefined application window, select Any Managed App.

4. On the Custom Application Configuration window, perform the following steps:

a. In the Application Name field, enter the application name (for example, Freshservice).

b. In the Application URL field, enter the application URL.

c. Click OK.

5. On the application window, in the App Instance column, click on the domain (for example, gemalto.com).

6. On the <Application> Instance window, perform the following steps to enable SSO for the new application:

a. In the Name field, enter the name of the application instance (if it is not already mentioned).

b. In the Authentication field, select the SAML IdP (for example, Safenet) that you registered earlier.

c. Click the icon next to Domains to add domains that you want to configure for this application.

d. Select Enable for SAML SSO to enable SAML.

e. Click OK.

7. Once an end application has been successfully added, you will need to configure SSO settings in both Bitglass and the end application. Perform the following steps to configure SSO settings in Bitglass:

a. On the application window, in the App Instance column, next to the App SSO, click Setup.

b. If you get the metadata file from the end application, click Choose File to upload it.

Otherwise, complete the following fields:

In the Single Sign-On URL field, enter the ACS URL of the end application.

In the Single Logout URL field, enter the SLO URL if the end application supports SLO.

In the SP (Application) Entity ID field, enter the Entity ID or Issuer ID of the end application.

Click Save.

Values in other fields will be generated automatically.

Note: In most cases, a single URL is used as the Single Sign-On, Recipient, and Destination URL, and it is the same as the Assertion Consumer Service (ACS) URL.

Note: If your application needs attributes for mapping, click the icon to add an attribute statement, then enter the exact name of the attribute that you want to map in the Name field and its value in the Value field. This field is always application-specific.

8. On the application window, click Setup Web SSO to configure SAML in the end application that you added in Bitglass.

9. On the Single Sign-On Setup window, click the Download IDP metadata XML link to download the Bitglass metadata. Use the Bitglass metadata to configure SAML in your end application.

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Bitglass, the second step is to activate the Bitglass application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Bitglass application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Bitglass) and proceed to the next step.

2. Under STA Setup, perform the following steps:

a. Under Account Details, in the ENTITY ID field, enter https://sso.us.bitglass.net, which is the default URL used for the first IdP to be added to Bitglass. If you add any subsequent IdPs to Bitglass, ensure that you copy the Entity ID available on the Bitglass IDP Setup page.

b. Under User Login ID Mapping, in the NAME ID field, ensure that Email address is selected.

c. Click Save Configuration to save the details and activate the Bitglass application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the end application SSO URL. You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the end application dashboard after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Bitglass application icon; you should be redirected to the Bitglass portal after authentication. On the Bitglass portal, select the end application that you want to access; you should be redirected to the end application dashboard.
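
If the sign-in test fails, a captured SAMLResponse can be compared with the values configured above: the ENTITY ID, the email-address NAME ID within the Username Domain, and the shared Destination/Recipient/ACS URL. The following Python is an added example, not part of the SafeNet or Bitglass documentation; it checks these fields only and does not verify the XML signature. The ACS URL, the user name and the sample response are constructed, and the Username Domain check is this example's assumption about how the domain from step 6 applies.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(b64_response, entity_id, acs_url, username_domain):
    """Compare a base64 SAMLResponse with the configured values; return mismatches."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if audience != entity_id:
        problems.append(f"Audience {audience!r} != ENTITY ID {entity_id!r}")
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    local, _, domain = name_id.rpartition("@")
    if not local or domain.lower() != username_domain.lower():
        problems.append(f"NameID {name_id!r} is not an email address in {username_domain!r}")
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = conf.get("Recipient") if conf is not None else None
    for label, value in (("Destination", root.get("Destination")), ("Recipient", recipient)):
        if value != acs_url:
            problems.append(f"{label} {value!r} != ACS URL {acs_url!r}")
    return problems

# Only the entity ID and the example domain come from the page; the rest is constructed.
ENTITY_ID = "https://sso.us.bitglass.net"
ACS_URL = "https://sp.example.invalid/saml/acs"  # placeholder ACS URL
DOMAIN = "gemalto.com"

def sample_response(audience, name_id):
    """Build a constructed, unsigned SAMLResponse for the demonstration."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
      Destination="{ACS_URL}"><saml:Assertion><saml:Subject>
      <saml:NameID>{name_id}</saml:NameID><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="{ACS_URL}"/></saml:SubjectConfirmation>
      </saml:Subject><saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
      </saml:Conditions></saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    good = sample_response(ENTITY_ID, "alice@gemalto.com")
    bad = sample_response("https://wrong.example.invalid", "alice")
    print(check_response(good, ENTITY_ID, ACS_URL, DOMAIN))
    for problem in check_response(bad, ENTITY_ID, ACS_URL, DOMAIN):
        print(problem)
```

An empty list means the response matches the configuration; each entry otherwise names the field to correct in STA or Bitglass.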

 

© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.