This article will show you how to configure SAML for BlueJeans application in Teamstack.
Once this is done, your users will be able to access BlueJeans using Teamstack via SAML. Your users will use their Teamstack credentials when accessing BlueJeans.
- BlueJeans (SP) initiated Single Sign-On
- Teamstack (IdP) initiated Single Sign-On
- JIT (Just In Time) Provisioning
Set up SSO via SAML for BlueJeans
To set up SSO you first need to add BlueJeans app to Teamstack, assign it to yourself and then configure BlueJeans SSO with the SAML metadata from Teamstack.
Step 1: Add BlueJeans app to Teamstack
- Go to your Applications in Teamstack.
- Click "Add Application" in the top right corner.
- Search for "BlueJeans" and click "Add".
- Select this app to be a "SAML" app and leave the "Relay State" input empty, we will configure it later.
- In Organization's Applications overview, click on the newly created BlueJeans app. You will see all the details about this app.
- Click on "Users" and assign this app to yourself. You will need this in order to test whether SAML is working correctly for BlueJeans.
- Click on the "SAML Configurations" tab. Keep this page open, you will need these values once you configure the SAML settings in BlueJeans. You also need to download the certificate file by clicking on the "SAML Certificate" button.
Step 2: Set up SAML in BlueJeans
Once you enable SSO in BlueJeans, users will only be able to log in via SAML and not with username and password. So plan your changes accordingly.
Optionally, you can choose to enable "Just In Time Provisioning". Then if user's account exist in Teamstack, but not yet at BlueJeans, a new account will be created at BlueJeans when user tries to log in at BlueJeans for the first time.
- Log in to BlueJeans with your administrator account.
- In the top menu, click "ADMIN".
- From "GROUP SETTING", navigate to the "SECURITY" tab.
- Check " SAML Single Sign On".
- Click "Choose File" and upload your certificate file you downloaded in step 1.7.
- In "Login URL" use the "Sign-in Page URL" from step 1.7.
- With Password Change URL, Logout URL, and Custom Error Page URL, use https://app.teamstack.com/dashboard.
- Check "Pick User Id from <saml2:NameID> element"
- Fill in the inputs with the following values for the Just In Time Provisioning to receive the correct user settings:
- Email = Email
- First Name = Firstname
- Last Name = Lastname
- Click "Save Changes".
- When the settings are saved, you need to copy the "RelayState" value from BlueJeans to Teamstack. In Teamstack open your BlueJeans application's settings and click on the "Edit" button. There you will find the RelayState input where you need to paste the value from BlueJeans.
You can now test the login from Teamstack to BlueJeans. You need to have BlueJeans assigned to yourself in Teamstack. To test the connection, do the following:
- Open a new incognito window
- Log into Teamstack
- Click on the BlueJeans app on your dashboard
- You will be redirected to BlueJeans and will be logged in without the need to enter a password at BlueJeans.
- If you enabled Just In Time Provisioning during the setup, new users will be automatically provisioned to BlueJeans.