Bevy supports Single Sign On via Security Assertion Markup Language (SAML), a web security standard for logging users into applications.
Requirements
To support Single Sign On via SAML, Bevy requires the following:
- Metadata URL or XML file
- Include the following attributes in the SAML application:
  - ID (required). This must be a unique ID for the user that does not change. It must always be present.
  - email (required)
  - full_name (optional if first_name is present)
  - first_name (optional if full_name is present)
  - last_name (optional)
  - picture (optional)
Bevy provides the following:
- Entity ID: your chosen domain name, e.g., https://bevy.bevylabs.com/
- ACS URL: in the following formats
  - Add a callback URL for Bevy to test: https://<client-id>-staging.bevylabs.com/accounts/saml/acs/
    - Here, <client-id> is the same ID used for the bevylabs.com subdomain.
  - Add a callback URL for your instance during onboarding: https://<client-id>.bevylabs.com/accounts/saml/acs/
  - Add a callback URL for your final chosen domain that will be used when you go live with Bevy: https://<your-domain>/accounts/saml/acs/
For the ACS URL, you may only be able to add one at a time. First, we'll set up the staging URL, then update it to https://<client-id>.bevylabs.com/accounts/saml/acs/
Once we're ready to go live, we can update it to your final chosen domain: https://<your-domain>/accounts/saml/acs/
Use https://<your-domain>/accounts/saml/login/ to configure this provider for service provider-initiated SSO. For example, https://bevy.com/accounts/saml/login/
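
A pre-flight check for the attribute requirements and the ACS URL formats listed above, as an added example that is not Bevy's own code. It assumes the SAML attribute `Name` values match the names on this page exactly, reads the full_name/first_name rule as "at least one must be present", and uses a constructed sample statement plus the placeholder values `acme` and `events.example.com`.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AttributeStatement from a test login against your own IdP.
# full_name is sent but blank, a common result of an unmapped directory field.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="ID"><saml:AttributeValue>u-10293</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email"><saml:AttributeValue>pat@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="last_name"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="full_name"><saml:AttributeValue>  </saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
"""

def read_attributes(statement_xml):
    """Return {attribute name: first non-empty value} from an AttributeStatement.

    Intended for a sample you captured yourself; do not feed untrusted XML
    to the standard-library parser.
    """
    root = ET.fromstring(statement_xml)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        for value in attr.findall("saml:AttributeValue", SAML_NS):
            text = (value.text or "").strip()
            if text:  # a blank value counts as "not present"
                attrs.setdefault(attr.get("Name"), text)
    return attrs

def check_attributes(attrs):
    """List every way the attribute set misses the requirements on this page."""
    problems = ["missing required attribute: " + name
                for name in ("ID", "email") if name not in attrs]
    if "full_name" not in attrs and "first_name" not in attrs:
        problems.append("need full_name or first_name")
    return problems

def acs_urls(client_id, domain):
    """ACS URLs for staging, onboarding and go-live, in configuration order."""
    path = "/accounts/saml/acs/"
    return ["https://%s-staging.bevylabs.com%s" % (client_id, path),
            "https://%s.bevylabs.com%s" % (client_id, path),
            "https://%s%s" % (domain, path)]

if __name__ == "__main__":
    print(check_attributes(read_attributes(SAMPLE_STATEMENT)))
    print(acs_urls("acme", "events.example.com"))
```
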