🚀 Bindplane's first Launch Week goes live on June 2nd! New features launching all week.Explore now

SaaS Single Sign On (SSO)

note

This feature is currently in Private Preview for select organizations with Enterprise or Google Enterprise licenses. To request access, please fill out this form.

Overview

Bindplane SaaS offers Single Sign On (SSO) capabilities, allowing organization admins to set up access controls using common Identity Providers (IdPs) like Okta, Microsoft Entra, or custom OIDC/SAML implementations.

Prerequisites

Before setting up SSO, ensure you have:

  1. An Enterprise or Google Enterprise license
  2. Organization Admin privileges in Bindplane
  3. Access to your Identity Provider's admin console
  4. Basic understanding of SAML/OIDC protocols

Important Notes

User Management

  • Your email is the primary identifier for your account. The OIDC/SAML response must include the email scope for proper user role transition upon login.
  • User permissions are managed via Bindplane's Role-Based Access Control (RBAC) system.
  • New users logging in through SSO will automatically become organization members with Project Viewer access to all projects.
  • Organization Admins can modify user roles after their first login.

Authentication Methods

  • Once an IdP is connected, social logins (Google) and username/password authentication will be disabled for your organization.
  • If you delete the last IdP connection, traditional authentication methods will be re-enabled.
  • In case of IdP unavailability, users with existing sessions will continue to work, but new logins will be blocked until the IdP is restored.

Security Best Practices

  1. IdP Configuration

    • Enable MFA in your IdP
    • Configure appropriate session timeouts
    • Set up proper user provisioning/deprovisioning workflows

  2. Access Management

    • Regularly audit user access
    • Implement least-privilege access principles
    • Monitor SSO login attempts and failures

Setup Guide

1. Access Organization Settings

As an organization admin, log in to your Bindplane organization and navigate to the organization page. Locate the Single Sign-On section.

Single Sign On configuration section in organization settings

2. Configure Connection

  1. Provide a friendly display name for your connection. This name will be visible to users during login.
Naming your SSO connection in Bindplane
  1. Select your Identity Provider from the list and follow the provider-specific instructions.
Selecting your Identity Provider in Bindplane

warning

Always test your connection before enabling it. If you enable a connection that is improperly configured you may lock yourself out of your Bindplane organization.

3. Test and Enable

  1. Use the test connection feature to verify your setup
  2. Review the test results carefully, ensure the email is within the response.
  3. Enable the connection when ready
Testing and enabling your SSO connection

4. Finalize Setup

Complete the setup process in Bindplane:

Finalizing SSO setup in Bindplane

5. User Access

Users can now access Bindplane through SSO in two ways:

  1. Use the "Login With SSO" button on the login page
  2. Direct access via URL: https://app.bindplane.com/login?organization=<your-organization-name>

These will directly use your configured Identity Provider(s) to authenticate the user.

Troubleshooting

Common Issues

  1. Login Failures

    • Verify IdP configuration
    • Check user email mapping
    • Ensure proper role assignment

  2. Role Assignment Issues

    • Confirm email scope in IdP configuration

  3. Connection Problems

    • Validate IdP endpoints
    • Check network connectivity
    • Verify certificate validity

Support

If you encounter issues not covered in this guide, please contact Bindplane support with:

  • Your organization name
  • IdP type and configuration
  • Error messages or logs
  • Steps to reproduce the issue