Configure SAML Single Sign-On for Benchling

  • Updated

SAML-based single sign-on (SSO) allows you to integrate an identity provider (IDP) of your choice. Once configured, users will be forced to sign in to Benchling through the IDP. This lets you tie all accounts to a centralized directory, enforce password requirements, implement multi-factor authentication, and more.

Step 1: Configure your identity provider (IDP)

Benchling supports any IDP that implements the SAML 2.0 protocol.

Below you can find help pages for individual IDPs that Benchling has tested with:

If you don't see your IDP listed above, you can follow the instructions for generic SAML integrations.

Step 2: Send configuration information to Benchling

Once you've configured your IDP, you should have a metadata URL (some providers do not offer a URL and offer only a metadata file usually called metadata.xml). Please send that URL (or file) over to your Benchling customer success representative.

Once Benchling support has received the metadata, we'll turn on SAML in "soft launch" mode. In this mode, we'll be able to verify that SAML works but users will not yet be forced to log in via SAML.

Step 3: Verify SAML integration

Benchling support will send you instructions on how to verify that SAML is working.

Step 4: Add all users to the access list

Once confirmed to be working, ensure that all users have access to Benchling from within your IDP. Be careful to double check this, as any user who does not have access will be locked out of Benchling once SAML is fully enabled.

Step 5: Enforce SAML for all users

Finally, ask Benchling support to enforce SAML for all users. All future sign-ons will go through your IDP instead of the normal username and password flow.

Expired SSO certificate

If the SSO certificate expires, contact Benchling Support to update the SSO metadata link.

Was this article helpful?

Have more questions? Submit a request