Setting up Idaptive SAML SSO for Bitrise

Published at 2020-09-25

This guide provides step-by-step instructions on setting up Bitrise as a SAML application on Idaptive.

Before you start:

Getting configuration information from Idaptive

  1. Log into Idaptive as an Admin.
  2. Go to Apps, then to Web Apps. Click the Add Web Apps button on the right.
  3. Go to the Custom tab, select SAML, and click Add. On the Add Web App popup hit Yes. Close the window. You will be automatically directed to the Settings page.

  4. Add Bitrise to the Name and Application ID fields on the Settings page and click Save.

  5. Click Trust on the left menu bar and select the Manual configuration under Identity Provider Configuration.
  6. Click the Signing Certificate dropdown and download the certificate. Open it with a text editor so that you can copy the full content of the certificate.

  7. Insert it in the Certificate text box on the Single Sign On page of Bitrise.
  8. Copy the Single Sign On URL from the Trust page of Idaptive. Insert it in the Identity provider sign-on URL field on the Single Sign On page of Bitrise.
  9. While on the Single Sign On page of Bitrise, copy the Single Sign-On URL and click Configure.

  10. Now let’s head back to Idaptive! Under Service Provider Configuration click Manual Configuration. Type Bitrise in the SP Entity ID / Issuer / Audience field and paste the Single Sign-On URL from Bitrise into the Assertion Consumer Service (ACS) URL field on Idaptive.

  11. Scroll down to NameID Format and select emailAddress. Click Save.

  12. Go to Permissions and click the Add button. In the Select User, Group, or Role popup, type the user name you want to add to the SAML app. Select it and hit Add. Save your changes. This will change the status of your Bitrise SAML app to Deployed.

  13. Check your inbox for an email from letsconnect@bitrise.io which describes how to access the Organization via SAML. This email contains a Sign In via SSO button and a URL. Click the link or paste the URL to a new window.

  14. You’re directed to the Allow “Organization name” to sign you in page. Click Authorize if you trust the Organization to control your Bitrise account sign-in process. Note that once you click Authorize, you’ll only be able to authenticate this account via SAML SSO. Click Don’t allow if the invitation email is from an untrusted source.

  15. If all went well, you should land on the Bitrise Dashboard.

If you click Account settings and select the Single Sign-On tab from the left menu, you should see SAML SSO is enabled for your Organization. Once all Organization members have authorized their SAML SSO connection, you can enforce SAML SSO on the whole organization with a simple toggle.
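
To troubleshoot a sign-in that fails after this setup, you can compare the fields of a SAML response with the values entered in steps 10 and 11. The script below is an added example, not Bitrise or Idaptive code; the ACS URL is a placeholder, the helper `sample_response` builds a constructed, unsigned response for demonstration, and in practice the input would be the base64 `SAMLResponse` form field captured from your own test sign-in.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Placeholder (assumption): replace with the Single Sign-On URL copied from Bitrise in step 9.
ACS_URL = "https://sp.example.invalid/saml/acs"
AUDIENCE = "Bitrise"  # SP Entity ID / Issuer / Audience typed in step 10


def check_saml_response(b64_response, acs_url=ACS_URL, audience=AUDIENCE):
    """Compare a base64 SAMLResponse with the settings above; no signature verification."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        problems.append(f"Audience {audiences} does not contain {audience!r}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("Subject has no NameID")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}, not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append(f"NameID {name_id.text!r} is not an email address")
    data = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = data.get("Recipient") if data is not None else None
    if recipient != acs_url:
        problems.append(f"Recipient {recipient!r} does not match ACS URL {acs_url!r}")
    return problems


def sample_response(audience, name_format, name_id, recipient):
    """Build a constructed, unsigned SAMLResponse for demonstration (not real IdP output)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:Subject><saml:NameID Format="{name_format}">{name_id}</saml:NameID>'
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
        '</saml:SubjectConfirmation></saml:Subject>'
        f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    bad = sample_response("bitrise.io", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "dev", ACS_URL)
    print(check_saml_response(bad))
```

An empty list means the audience, NameID format and recipient all match the configured values; each string in a non-empty list names the setting to revisit on the Idaptive Trust page.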