Single Sign-On (Cloud)

This feature is currently in Private Preview for select Enterprise and Enterprise (Google Edition) customers in Bindplane Cloud. If you are interested in trying out this feature, please fill out this form.

Bindplane Cloud offers a Single Sign-On (SSO) feature, allowing organization admins to set up access controls using common identity providers (IdPs) like Okta, Microsoft Entra, or custom OIDC/SAML implementations.

Prerequisites

Before setting up SSO, ensure you have:

  1. An Enterprise or Enterprise (Google Edition) plan

  2. Admin privileges in your Bindplane organization

  3. Access to your identity provider's admin console

  4. A basic understanding of SAML/OIDC protocols

Important Notes

User Management

  • Your email is the primary identifier for your account. The OIDC/SAML response must include the email scope for proper user role transition upon login.

  • User permissions are managed via Bindplane's Role-Based Access Control (RBAC) system.

  • New users logging in through SSO will automatically become organization members with Project Viewer access to all projects.

  • Organization Admins can modify user roles after their first login.

Authentication Methods

  • Once an IdP is connected, social logins (Google) and username/password authentication will be disabled for your organization.

  • If you delete the last IdP connection, traditional authentication methods will be re-enabled.

  • In case of IdP unavailability, users with existing sessions will continue to work, but new logins will be blocked until the IdP is restored.

Security Best Practices

  1. IdP Configuration

    • Enable MFA in your IdP

    • Configure appropriate session timeouts

    • Set up proper user provisioning/deprovisioning workflows

  2. Access Management

    • Regularly audit user access

    • Implement least-privilege access principles

    • Monitor SSO login attempts and failures

Setup Guide

1. Access Organization Settings

As an organization admin, log in to your Bindplane organization and navigate to the organization page. Locate the Single Sign-On section.

Single Sign On configuration section in organization settings

2. Configure Connection

  • Select "Add Identity Provider" to configure a new IdP connection.

  • Provide a friendly display name for the connection. This name will be visible to users during login.

  • Optionally, you can also provide a custom logo URL, which may be shown to users when they are selecting which IdP to authenticate with (e.g., we can show a Bindplane logo to differentiate a custom OIDC connection from an Okta connection).

Naming your SSO connection in Bindplane

  • Select your identity provider from the list and follow the provider-specific instructions.

Selecting your Identity Provider in Bindplane

3. Test and Enable

  • Use the test connection feature to verify your setup.

  • Review the test results carefully. The following two fields must be present for SSO to work properly:

    • email: Ensure that this field is present, and has the same casing as the email/username you use to log into Bindplane. If the email is not exactly the same as your current Bindplane login credential, you must:

      • Cancel the SSO enablement workflow

      • Create a new user within Bindplane with the correct email

      • Invite them to your projects

      • Elevate them to organization and project administrator

      • Restart the SSO workflow from your new organization admin account

    • email_verified: Ensure that this field is present and set to true.

  • Enable the connection when ready.

Testing and enabling your SSO connection
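
The two checks from step 3, as an added Python example (not Bindplane code): it compares the email claim to your current Bindplane login with exact casing and requires email_verified to be true. The function names, the sample token, and the assumption that you have the claims as a JSON object or an OIDC ID token are illustrative.

```python
import base64
import json


def decode_id_token_claims(token):
    """Decode the claims segment of an OIDC ID token for inspection only.
    The signature is NOT verified here; never use this to authenticate anyone."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_sso_claims(claims, bindplane_login):
    """Return a list of problems with the two fields step 3 requires."""
    problems = []
    email = claims.get("email")
    if not isinstance(email, str) or not email:
        problems.append("email: missing")
    elif email != bindplane_login:
        if email.lower() == bindplane_login.lower():
            problems.append(f"email: casing differs: {email!r} vs {bindplane_login!r}")
        else:
            problems.append(f"email: {email!r} does not match {bindplane_login!r}")
    if "email_verified" not in claims:
        problems.append("email_verified: missing")
    elif claims["email_verified"] is not True:
        # Assumption: only a boolean true passes; a string such as "true" is flagged.
        problems.append(f"email_verified: expected true, got {claims['email_verified']!r}")
    return problems


def _b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (used for sample data)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample data (not a real IdP token; the signature is a placeholder).
SAMPLE_CLAIMS = {"email": "Alice.Admin@example.com", "email_verified": "true"}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(SAMPLE_CLAIMS), "c2ln"])

if __name__ == "__main__":
    claims = decode_id_token_claims(SAMPLE_TOKEN)
    for problem in check_sso_claims(claims, "alice.admin@example.com"):
        print(problem)
```

An empty result means both fields passed; any casing finding means following the cancel-and-recreate steps listed above before enabling the connection.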

4. Finalize Setup

Complete the setup process in Bindplane:

Finalizing SSO setup in Bindplane

5. Sign In Using IdP

You can now sign into Bindplane by visiting app.bindplane.com and following the "Continue with SSO" option. Enter your organization's name, then continue to complete your authentication with your configured identity provider.

6. Adding New Users

If you would like to add new users to the organization after SSO is configured, you will first need to add them to the identity provider that was added to Bindplane.

After a new user is added to the IdP and signs into Bindplane for the first time, they will be granted the "Viewer" role to projects within the organization. You may then go into each project and adjust the user's roles or remove them from unneeded projects.

Troubleshooting

Login Failures

  • Verify the IdP's connection settings

  • Check user email mapping

  • Ensure proper role assignment

Role Assignment Issues

  • Confirm the email scope in your IdP's configuration

Connection Problems

  • Validate the IdP's endpoints

  • Check network connectivity

  • Verify certificate validity

Support

If you encounter any issues not covered here, please contact support with the following information:

  • Your organization name

  • IdP type and configuration

  • Any error messages or logs

  • Steps to reproduce the issue
