SSO - SAML2.0 for In Vivo

Judi

 

Step 1: Configure your identity provider (IDP)

  • Set the login URL to the following:
    • https://<Companydomain>.invivo.benchling.com/api/login/sso/saml2/callback
      • The company domain will be in the format:
        • <yourcompanyname><test/dev>
          • e.g. https://ExampleCompany.invivo.benchling.com/api/login/sso/saml2/callback
          • https://ExampleCompanytest.invivo.benchling.com/api/login/sso/saml2/callback
  • Set the logout URL to the following:
    • https://<Companydomain>.invivo.benchling.com/api/logout
  • Please include the following attribute mappings (assertions):

    • firstName: user's first name

    • lastName: user's last name

    • email: user's email

Step 2: Send configuration information to Benchling

Once you've configured your IDP, you should have a metadata URL (some providers offer only a metadata file, usually called metadata.xml, instead of a URL). Please send that URL (or file) to Benchling along with the Audience and Issuer for this application.

Once Benchling support has received the metadata, we'll turn on SAML in "soft launch" mode. In this mode, we'll be able to verify that SAML works but users will not yet be forced to log in via SAML.

 

Step 3: Verify SAML integration

Options to test SAML:

Option 1: The users assigned to this application should now see "Benchling In Vivo" in the IDP. Click on the application to test login.

Option 2: Navigate to the following URL: https://<Companydomain>.invivo.benchling.com/api/login/sso/saml2

Option 3: Navigate to the tenant URL to log in: https://<Companydomain>.invivo.benchling.com/login. Click Login with SSO below the login fields.

  

Step 4: Add all users to the access list

Once SAML is confirmed to be working, ensure that all users have access to Benchling from within your IDP. Be careful to double-check this, as any user who does not have access will be locked out of Benchling once SAML is fully enabled.

 

Step 5: Enforce SAML for all users

Finally, ask Benchling support to enforce SAML for all users. All future sign-ons will go through your IDP instead of the normal username and password flow.

 

Expired SSO certificate

If the SSO certificate expires, contact Benchling Support to update the SSO metadata link.

 

 
