BlueJeans uses the secure and widely adopted industry standard Security Assertion Markup Language (SAML), for Single Sign On method. This also means BlueJeans implementation of SSO integrates easily with any large Identity Provider (IdP) that supports SAML. If you've built your own SAML-based federated authentication process, we integrate with that too. We support service-provider-initiated SAML and identity-provider-initiated SAML.
Officially supported Identity Providers:
- ADFS 2.0 & 3.0 - To integrate BlueJeans with your ADFS service, refer to our guide: Configuring ADFS for SAML SSO with BlueJeans Network
- Okta - If you already have Okta, please see this resource to enable BlueJeans in Okta.
- OneLogin - If you already have OneLogin, please see this resource to enable BlueJeans for OneLogin. Additional information on integration with OneLogin can be found here.
- Centrify - Additional information on integrating with Centrify can be found here.
- Azure AD - Detailed instructions on integrating Azure AD with BlueJeans can be found here.
- Shibboleth - Additional information on integrating for Shibboleth can be found here.
- RSA SecurID - Detailed instructions on integrating with RSA SecurID can be found here.
- Ping Identity - Detailed instructions on integrating with PingFederate can be found here.
- Bitium - Additional information on integrating with Bitium can be found here.
SAML/ SSO frequently Asked Questions:
Does BlueJeans support two factor authentication with SSO?
How do I enable single sign-on (SSO) with my BlueJeans service?
See detailed instructions on Enabling Single Sign On for Enterprise Groups (SAML)
What version of SAML does BlueJeans support?
BlueJeans supports SAML version 2.0.
What SAML profiles does BlueJeans support?
BlueJeans supports Service Provider (SP) Initiated and Identity Provider (IdP) Initiated profiles.
What binding methods does the BlueJeans SAML implementation use?
The binding method that is used is: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.
Where can I obtain the SAML metadata?
The SAML Metadata content can be read at: http://bluejeans.com/support/saml-metadata.xml
What do the optional configuration steps represent?
Password Change URL: This is the URL from your Identity Provider that they may or may not provide, that allows the changing of a user's password.
Log Out URL: The log out URL is a landing page that a user will be directed to upon successfully being logged out of BlueJeans. It is not a Single Log Out URL.
Where do users go to log in via SAML?
For a Service Provider Initiated profile, end users will go to their BlueJeans Enterprise Landing Page.
For an Identity Provider (IdP) Initiated profile, end users will simply log into the IdP first, followed by selecting the BlueJeans service from the IdP’s service menu.
Users can even login using SSO from different BJN Applications like BlueJeans Desktop or Mobile App, Outlook Add-In, Mac scheduler etc - where user will put their BlueJeans e-mail address first, which when validated at back-end, SSO login flow kicks in.
User movement to my Enterprise via SSO is allowed?
No; any existing BlueJeans user, who is not part of your enterprise, will not be moved to your enterprise while he/ she is trying to login via SSO from your company's landing page. The Enterprise Admin needs to add him or ask BlueJeans Support to do the same from back-end.
What can I do if I accidentally misconfigured my SAML settings and can’t log in anymore?
In this case, you can still log in with your original credentials by going to http://bluejeans.com/login
Why don’t I see the SAML option in the Admin Security tab?
This is likely due to not having a BlueJeans Enterprise Landing Page enabled. Check to see if you have a landing page by entering http://<your_domain>.bluejeans.com into your browser. If the main BlueJeans webpage loads, you do not have a landing page enabled. Please contact your account manager to have it enabled.
If I turn on the SSO, can our users still log in using the normal BlueJeans login portal?
Yes, if they had logged-in at some point in the past. If you do not want users to login from there and only use SSO for login, you can request BlueJeans support to disable the normal login.
What other Identity Providers does BlueJeans support?
We support any SAML 2.0 compatible identity provider. In addition to the IdPs listed above, some of the known IdPs that we have successfully deployed SAML with are:
- VMWare Horizon
- Google Apps SSO
- Oracle Identity Cloud
Does BlueJeans support Single Log Out?
Not at this time, but it is being considered for our roadmap. Please let us know if this is something that is critical to your deployment of services within your organization.
The current log out URL that is offered in the configuration simply represents the landing page to direct the user to after a successful logout from the BlueJeans Web App is performed.