Single Sign-On

Single Sign-On (SSO) is an authentication process that allows users to log in to multiple systems via a single service. You can configure an SSO integration to manage your organization’s entire membership via a third-party identity provider (IdP). When SSO is configured for an organization, all authentication requests are routed through the third-party IdP, and users cannot log in directly to BigPanda.

Benefits Of SSO

You can choose to integrate BigPanda with a third-party IdP to take advantage of any security controls and identity management processes that are already established in your organization. The benefits of SSO include:

  • Added security controls through the IdP, such as enforcing security policies, adding two-factor authentication, or restricting login via a corporate authentication mechanism.
  • Simplified password management.
  • Reduced password fatigue and time spent re-entering login details.
  • Simplified user management, onboarding, and offboarding.

How It Works

After an administrator successfully authenticates on the BigPanda website via basic authentication, they can configure their organization to use a SAML 2.0-compliant, third-party IdP for delegated authentication. When SSO is configured for your organization, all authentication attempts are redirected to the third-party IdP. If a user does not have a valid session with the IdP, they are redirected to a login page where they may be challenged for their username, password, security questions, or multiple factors as determined by the IdP. The IdP then returns an “assertion” as to the identity of the user to BigPanda and they are authenticated in turn.

Requirements

Here are some technical specifications for how BigPanda implements an SSO integration. Use this information to check whether a specific SAML provider may be able to work with BigPanda or to troubleshoot implementation problems.

Consideration
BigPanda Functionality

Scope Of User Management

Must be all BigPanda users. BigPanda does not support multiple authentications methods for the same organization.

Authentication Flow

Supports both SP- and IdP-initiated:

  • For SP-initiated, with redirect binding from the SP and POST binding from the IdP.

  • For IdP-initiated, with POST binding from the IdP.

Assertion Type

Supports only unsigned, unencrypted assertions.

XML Schema

Follows standards from the SAML 2.0 core specification.

Username

  • Must be an email address.

  • Must be the same in BigPanda and the in IdP.

  • Must have the same top-level domain for everyone in the organization (for example, joe.engineer@acme.com).

Provisioning And De-Provisioning

Manual invitation and deactivation by an administrator from within the BigPanda UI. See Inviting Users and Managing User Accounts.

Supported Providers

BigPanda supports SSO with several third-party IdPs for delegated authentication. Contact BigPanda Support to check whether your provider is supported.

Enabling SSO

You may want to enable single sign-on (SSO) to require users to log in to BigPanda via a third-party identity provider (IdP). After SSO is enabled, users must use the SSO provider to log in to BigPanda.

Prerequisites

  • Obtain administrator access to BigPanda.

Your BigPanda email address must match your SSO email.

  • (Recommended) Inform users that the BigPanda login process is changing.

Procedure

  1. In the top right, click the Settings icon (), and then click Single Sign-on.
  2. Select the desired SSO provider.
  3. Follow the on-screen instructions to configure the SSO integration, and then click Logout and Test.
  4. From the BigPanda login page, enter your email address and leave the password blank. Then, click Log In to log in with your SSO provider.
  5. Validate that the login process works as expected and your account is accessible.
    Contact BigPanda support for assistance, if needed.
  6. In the top right, click the Settings icon (), and then click Single Sign-on.
  7. Click Enable to enable SSO for everybody in your organization.

Post-Requisites

Inform all users that they must log in to BigPanda via SSO.

Disabling SSO

You may want to disable single sign-on (SSO) and require users to log in directly to BigPanda instead. After SSO is disabled, users must reset their passwords to log in to BigPanda.

Prerequisites

  • Obtain administrator access to BigPanda.

  • (Recommended) Inform users that the BigPanda login process is changing.

Procedure

  1. In the top right, click the Settings icon (), and then click Single Sign-on.
  2. Select the SSO provider that is currently configured for BigPanda.
  3. Click Disable SSO.
  4. Click Yes to confirm that you want to disable SSO for your organization.
  5. Log out of BigPanda.
  6. From the BigPanda login page, click the Forgot Password link, and then follow the instructions to reset your password.
  7. Validate that the login process works as expected and your account is accessible.
    Contact BigPanda support for assistance, if needed.

Your email address must match your SSO email.

Post-Requisites

  • Inform all users that they must reset their BigPanda passwords using their SSO email addresses.

  • (Optional) Remove or disable the BigPanda configuration within the SSO provider's system.

Single Sign-On

Single Sign-On (SSO) is an authentication process that allows users to log in to multiple systems via a single service. You can configure an SSO integration to manage your organization’s entire membership via a third-party identity provider (IdP). When SSO is configured for an organization, all authentication requests are routed through the third-party IdP, and users cannot log in directly to BigPanda.