Below is the information needed to set up a SAML application. You will need the following:
Your "tenant subdomain": acme.benchling.com or validated.benchling.cloud
Your "tenant name". For the above two examples, this would be acme and validated. Your Implementation Manager can confirm the 'name' of each of your tenants with you as a part of this process.
Configure a SAML Application for each of your Benchling tenants as follows:
Single sign-on URL (also known as the Assertion Consumer Service URL or ACS URL): https://<TENANT_SUBDOMAIN>/ext/saml/signin:finish. Examples: https://acme.benchling.com/ext/saml/signin:finish and https://validated.benchling.cloud/ext/saml/signin:finish
Entity ID (also known as the Audience URI): https://<TENANT_NAME>.benchling.com/ext/saml/metadata.xml. Examples: https://acme.benchling.com/ext/saml/metadata.xml and https://validated.benchling.com/ext/saml/metadata.xml
NameID. The identifier of the user to be matched with a Benchling account. We accept either a username which will be matched to the handle on a Benchling account, or an email address. Note that by default, Benchling's SAML Requests will request a NameID of format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. If you would like to identify users in Benchling by handle, your Implementation Manager can update our requested NameID to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Responses should be signed if possible, otherwise assertions should be signed
Please include the following attributes mapping (assertions):
firstName
: user's first namelastName
: user's last nameemail
: user's email