Steps to configure SAML SSO for Bluescape

About Bluescape

Bluescape is a cloud-based visual collaboration platform designed to enhance teamwork, planning, and decision-making across various industries, including defense, architecture, media, and enterprise sectors. Bluescape offers a secure, scalable workspace that facilitates real-time collaboration among dispersed teams.

The following steps will help you enable SSO for Bluescape from Identity360.

Prerequisites

1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications.
2. Log in to Identity360 as an Admin, Super Admin, or Technician with a role that has Application Integration and Single Sign-on permissions.
3. Navigate to Applications > Application Integration > Create New Application, and select Bluescape from the applications displayed.
   Note: You can also find Bluescape from the search bar located at the top.
4. Under the General Settings tab, enter the Application Name and Description.
5. Under the Choose Capabilities tab, select Single Sign-on and click Continue.
   General Settings of SSO configuration for Bluescape
6. Under the Integration Settings tab, enter the Account ID and Unique ID fields with any temporary placeholder values, and click Save.
   Integration Settings of SSO configuration for Bluescape.

Bluescape (service provider) configuration steps

1. Contact Bluescape Support and inform them that you want to set up SSO for your organization.
2. Provide the Bluescape Support team with the contact email address of your SSO administrator and the metadata URL value. You can obtain the metadata URL by following these steps.
3. The Bluescape Support team will provide you with the following URLs. Copy these values, which will be used during Identity360 configuration.
   • Entity ID - https://portal.apps.us.bluescape.com/saml/metadata/<customer_saml_provider_name>;
   • Assertion Consumer Service (ACS) - https://identity-api.apps.us.bluescape.com/api/authenticate/<acs_id>;
   • Single Logout Endpoint - https://identity-api.apps.us.bluescape.com/api/logout/<saml_id>;
   • Single sign-on (SSO) URL - https://identity.apps.us.bluescape.com/saml/login/sso_name;
   Note: These URLs contain placeholders for the <customer_saml_provider_name>, <acs_id>, <saml_id>, and <identity_provider_name>, because they have not been generated yet.
4. Have a member log in to the test organization using the SSO URL provided by support.
   Note: A test organization is a temporary environment created by the support team to validate your SSO configuration. Once you confirm that SSO works as expected in this environment, the same setup will be enabled in your production organization.
5. If the login is successful, provide Bluescape support with permission to apply the SSO setup to the actual organization.

Identity360 (identity provider) configuration steps

1. After receiving the email response from the Bluescape support team, we need to update the SP values in Identity360 SSO configuration.
2. Go to Applications > Application Integration. Click edit icon on Bluescape.
3. From General Settings, click Continue.
4. In the Account ID field, update the ACS URL value copied from step 3 of Bluescape configuration. For example, if the ACS URL is https://identity-api.apps.us.bluescape.com/api/authenticate/123-456-789, then the Account ID will be 123-456-789.
5. In the Unique ID field, update the Entity ID value copied from step 3 of Bluescape configuration. For example, if the Entity ID is https://portal.apps.us.bluescape.com/saml/metadata/987-654-321, then the Unique ID will be 987-654-321.
6. Enter the Relay State parameter, if necessary.
   Note: Relay State is an optional parameter used with a SAML message to remember where you were or to direct you to a specific page after logging in.
7. Click Save.
   Integration Settings of SSO configuration for Bluescape.
8. To learn how to assign users or groups to one or more applications, refer to this page.

Your users will now be able to sign in to Bluescape through the Identity360 portal.