Common terms and definitions
-
Authentication: the process of verifying users/identities based on credentials provided at time of access
-
Identity Provider (IdP): a system that creates, maintains, and manages identity information and performs the authentication of user identities (i.e. Okta, Azure AD, etc.). Communicates authentication and authorization data to the service provider.
-
Service Provider (SP): an application (i.e. Benchling) that wants to authenticate users through an IdP. SP uses the authentication from the IdP to grant authorization to the user’s application request.
What is SAML SSO?
Security association markup language (SAML) is an XML-based, publicly available software that allows users to use one set of credentials to log in to many different applications. Single sign-on (SSO) allows an identity provider (IdP) to authenticate a user’s identity and once confirmed, it then shares their identity with other applications. SAML SSO provides a seamless experience for users when utilizing Benchling and other applications since only one set of credentials is needed to log in to many applications at once.
When a user attempts to access a SAML SSO enforced Benchling tenant, Benchling will automatically generate an authentication request and send it to the customer’s IdP. The IdP will then prompt the user to sign in. Once the user's identity is verified against the IdP user credentials, the user is logged into the IdP. The IdP will pass information about the user to Benchling and automatically log the user into their Benchling tenant.
Using SAML SSO with Benchling benefits both scientists and IT teams alike. IT teams can manage users, control application access, and enforce password securities. Scientists also eliminate time wasted on password and application management by only needing to remember a single username and password to access all applications.
Optional SAML features
The following are optional features that can be added to standard SAML configurations. Implementing these features involves configuration and testing steps to ensure support is possible.
-
Single log out (SLO) is a SAML feature where users can sign out of Benchling and all other IdP configured applications with a single action. SLO saves users time by allowing them to sign out of all applications at once and provides additional security since users don't have to remember to log out of connected apps.
-
Electronic signature (e-signature) is a SAML enabled feature that requires a user to confirm their identity using SSO anytime a user sends an entry for review, rejects, retracts, or accepts a review. E-signatures provide an additional layer of authentication throughout the Benchling entry review process.
Configure SAML SSO for your tenant
To begin the configuration process for SAML SSO for your tenant, please reach out to your Benchling Customer Experience point of contact via email and CC your IT team. Benchling will follow up with steps to begin the SAML SSO configuration process based on this process: Configure SAML Single Sign-On for Benchling.