Skip to main content
All CollectionsSingle Sign On (SSO) Setup
Blueink SSO Setup: Microsoft Entra ID SAML
Blueink SSO Setup: Microsoft Entra ID SAML

In this help article, we will explore how to set up SSO using Microsoft Entra ID SAML.

Raymund Mission avatar
Written by Raymund Mission
Updated over 7 months ago

Overview

This document contains instructions to configure Single Sign-On (SSO) into the Blueink

eSignature App using a Microsoft Entra ID SAML connection.

The target audience for this document is Blueink Customers who use Microsoft Entra ID as their IdP (Identity Provider).

If you want to setup SSO using a different IdP or connection type, please visit help.blueink.com for additional guides.

Prerequisites

These instructions should be followed by someone who is an Admin of your Microsoft Entra ID account, or who otherwise has permissions to create and configure customer applications in Entra ID.

Summary Instructions

A quick summary of the steps is as follows. Detailed instructions, with screenshots, can be found in the following section.

  1. Log into Microsoft Entra ID Admin Center (https://aka.ms/MSEntraPortal) as an

    Administrator, or as a user with permissions to create and configure Entra ID

    applications

  2. Click New Application and then Create your own application

  3. Name your application (e.g. “Blueink”) and select Integrate any other application you don't find in the gallery (Non-gallery) and then click Create.

  4. Go to the Single Sign On page, click Set up Single Sign On and select SAML

  5. Click Edit on Basic SAML Configuration and add the following SSO Connection parameters that were provided to you by Blueink:

    1. Identifier (Entity ID): the AUDIENCE URI provided by Blueink

    2. Reply URL (Assertion Consumer Service URL): the ACS URL provided by Blueink

    3. Click Save

  6. Edit the Attributes & Claims section

    1. Edit the Unique User Identifier (Name ID) under Required Claim, and Change the Source attribute to use user.primaryauthoritativeemail.

    2. Delete the Additional Claims and add two new Claims

      1. For Claim 1: Set the Name to firstName, and the Source Attribute to user.givenname

      2. For Claim 2: Set the Name to lastName, and the Source Attribute to user.surname

  7. From the SAML Certificates section, copy the App Federation Metadata Url.

    1. Email the URL to your Blueink representative

  8. Go to Users and Groups and add Users / Groups that should have access to the Blueink eSignature App

  9. Test a login with Using an email address of a User that already exists in your Blueink

    eSignature Account.

    1. Log out, and then visit this URL to login:

Detailed Instructions

Log into the Microsoft Entra Admin Center (https://aka.ms/MSEntraPortal) as an Administrator, or as a user with permissions to create and configure Entra ID applications.

Navigate to Enterprise applications and select to create a New application:

Select Create your own application at the top.

Name your application (e.g. “Blueink”) and select Integrate any other application you don't find in the gallery (Non-gallery) and then click Create.

SAML Configuration

Once your application is created, navigate to the Single Sign-On setup page and select SAML.

Click Edit on Basic SAML Configuration and add the following SSO Connection parameters that were provided to you by Blueink:

  • Identifier (Entity ID): the AUDIENCE URI provided by Blueink

  • Reply URL (Assertion Consumer Service URL): the ACS URL provided by Blueink

Leave the other values blank and click Save.

Attributes and Claims

Next, edit the Attributes & Claims section.

Click on the Unique User Identifier (Name ID) under Required Claim, and change the Source attribute to use user.primaryauthoritativeemail.

Under Additional claims, delete the default options and then add the following two claims by clicking Add new claim.

First new claim: Enter firstName in the Name field and user.givenname in the Source attribute field and click Save.

Second new claim: Enter lastName in the Name field and user.surname in the Source attribute field and click Save.

When you are finished editing and adding claims, the Attributes & Claims section should look like this:

Close the Attributes & Claims window and return to the main SAML configuration screen.

Metadata URL

From the SAML Certificates section, now copy the App Federation Metadata Url.

Please send this URL via email to your Blueink Account rep, or to the Blueink support person assisting with your SSO configuration.

Blueink will set up the SSO connection on our end, and respond to you once that is complete. Typically this process is quick.

The screenshot below shows where to find the App Federation Metadata Url.

Add Users and Groups

The last step is to add users to your application in Entra, which you can do by navigating to Users and groups and selecting "Add user/group".

Select the Users or Groups that should have access to the Blueink eSignature App via SSO.

Test Your Blueink SSO Connection

Now that you have an SSO Connection set up, you can test it out as follows:

  1. Log out of any active Blueink sessions in your browser

  2. Visit the test SSO login page at: https://secure.blueink.com/auth/login

  3. Enter your email address

    1. You should be redirected to your Microsoft Entra login page and prompted to enter your credentials

  4. You should then be redirected back to the Blueink dashboard and be logged in to your Blueink eSignature Account

If you have any issues, don't hesitate to reach out to [email protected].


Conclusion:

By following these instructions, you'll be able to configure Single Sign-On (SSO) in Blueink eSignature App using a Microsoft Entra ID SAML connection. Should you require support during the setup process, please don't hesitate to reach out to [email protected]. Kindly note that the metadata URL should also be sent to this email address for assistance with SSO setup.

Did this answer your question?