Overview
This document contains instructions to configure Single Sign-On (SSO) into the Blueink
eSignature App using an Okta SAML connection.
The target audience for this document is Blueink Customers who use Okta as their IdP (Identity Provider).
If you want to setup SSO using a different IdP or Okta connection type, please visit
help.blueink.com for additional guides. If you would like to test out using Okta as an IdP for login into Blueink eSignatures (and into other Apps that support SSO), you can create a free Okta developer account at developer.okta.com/signup/.
Prerequisites
These instructions should be followed by someone who is an Admin of an Okta account, or who otherwise has permissions to create and configure customer applications in Okta.
Summary Instructions
A quick summary of the steps is as follows. Detailed instructions, with screenshots, can be found in the following section.
Log into Okta as an administrator
Create a new App Integration from the Applications tab, and select SAML 2.0 as the type
In General Settings for the new App, enter a name (e.g. “Blueink”) and optional logo
In the Configure SAML Form:
Enter the ACS URL provided by Blueink as the Single sign-on URL
Enter the AUDIENCE URI provided by Blueink as the Audience URI (SP Entity ID)
For “Name ID format” select EmailAddress
In Attribute Statements create two inputs:
Name: firstName; Name format: Basic; Value: user.firstName
Name: lastName; Name format: Basic; Value: user.firstName
Click Save and Continue
Copy the Metadata URL from the Sign On Settings tab in your new App, and send it to Blueink. Blueink will respond when we have configured the SSO on our end
Go to the Assignments tab and assign Users and Groups in Okta who should be able to access the Blueink eSignature App
Test a login by using the email address of a user that already exists in your Blueink eSignature account. Visit this URL to login:
Detailed Instructions
Once you're logged in to the Okta Admin Dashboard, click Create App Integration in the
Applications tab:
Select SAML 2.0 and continue to the the General Settings form, enter the name of your
application and (optionally) your application's logo.
In the Configure SAML form:
Input the ACS URL provided to by Blueink as the Single sign-on URL
Input the AUDIENCE URI provided to you by Blueink as the Audience URI (SP Entity ID)
For Name ID format, select EmailAddress
In Attribute statements, create two inputs:
Name: firstName; Name format: Basic; Value: user.firstName
Name: lastName; Name format: Basic; Value: user.firstName
Your configuration page should look like the following:
Click Save and continue, indicating that this is an internal application on the last screen.
Send Metadata URL to Blueink
Copy the Metadata URL from the Sign On Settings tab in your newly created Okta application. Please send this URL via email to your Blueink Account rep, or to the Blueink support person assisting with your SSO configuration.
Blueink will setup the SSO connection on our end, and respond to you once that is complete. Typically, this process is quick.
The screenshot below shows where to find the Metadata URL in Okta.
Assign Users and Groups to the new App in Okta
On the Assignments tab under your application in Okta, assign the application to team members who should have access to it by clicking Assign:
Test Your Blueink SSO Connection
Now that you have an SSO Connection set up, you can test it out as follows:
Log out of any active Blueink sessions in your browser
Visit the test SSO login page at: https://secure.blueink.com/auth/login
Enter your email address and you should be redirected to your Okta login page to enter your credentials
You should then be redirected back to the Blueink dashboard
If you have any issues, don't hesitate to reach out to [email protected].
Conclusion:
By following these instructions, you'll be able to configure Single Sign-On (SSO) in Blueink eSignature App using an Okta SAML connection. Should you require support during the setup process, please don't hesitate to reach out to [email protected]. Kindly note that the metadata URL should also be sent to this email address for assistance with SSO setup.