search
  1. Beamery
  2. Integrations
  3. Single Sign On (SSO)
Beamery SSO Fact Sheet

Last Updated:

Overview

This document describes all aspects of the Beamery SAML SSO solution, how it works. The technology that the Beamery SSO system makes use of is called SAML (v2), this defines a common way for different SSO providers to be able to exchange authentication information. Beamery specifically makes use of service provider initiated SSO exchange.

Terms

What follows is a list of terms used in relation to SAML SSO:

  • Service Provider (SP); this is Beamery.

  • Identity Provider (IdP); this is the customers chosen SAML SSO provider, e.g. Okta, OneLogin etc.

  • Security Assertion Markup Language (SAML); defines the protocol for the way authentication data is exchanged.

  • Metadata; this generally relates to a file or endpoint that supplies specific data used in the configuration of SAML SSO.

    • There is IdP and SP metadata with one being generated based on the other.

Customer Company Configuration

Before you can be configured to use SAML SSO with Beamery we first need the following information from you:

  • X.509 Certificate (used to secure and verify data being transmitted)

  • Login endpoint for the Identity Provider (used to redirect a user to for authentication)

  • Logout endpoint for the Identity Provider (not all IdP’s have this).

  • User identifier format (NameIDFormat), one of either emailAddress or unspecified. The latter is used when a company wants its users to sign-in using an identifier other than email address.

Customer User Configuration

Once you have been configured for SSO an initial admin user will need to be added to the customer account. This will allow a person on the customer side to add in new users they wish to access Beamery, and will also allow the desired access level to be set on a per user basis. If a customer has decided to not authenticate users with email addresses then after adding the users Beamery will need to finalise the configuration (again, this step is only if the company is not using email addresses as a user identifier.

Authentication Flow

The diagram below attempts to illustrate the flow visually.

More in this Section
Auth0 User Login Migration FAQ
Beamery SSO Fact Sheet
How to set up Okta SAML with Beamery
SSO configuration Guide for Azure