Configure SAML on other systems

Aarthi
Aarthi
  • Updated

Below is the information needed to set up a SAML application. You will need the following:

  • Your "tenant subdomain": acme.benchling.com or validated.benchling.cloud

  • Your "tenant name". For the above two examples, this would be acme and validated. Your Implementation Manager can confirm the 'name' of each of your tenants with you as a part of this process.

Configure a SAML Application for each of your Benchling tenants as follows:

  • Single sign-on URL (also known as the Assertion Consumer Service URL or ACS URL): https://<TENANT_SUBDOMAIN>/ext/saml/signin:finish. Examples: https://acme.benchling.com/ext/saml/signin:finish and https://validated.benchling.cloud/ext/saml/signin:finish

  • Entity ID (also known as the Audience URI): https://<TENANT_NAME>.benchling.com/ext/saml/metadata.xml. Examples: https://acme.benchling.com/ext/saml/metadata.xml and https://validated.benchling.com/ext/saml/metadata.xml

  • NameID. The identifier of the user to be matched with a Benchling account. We accept either a username which will be matched to the handle on a Benchling account, or an email address. Note that by default, Benchling's SAML Requests will request a NameID of format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. If you would like to identify users in Benchling by handle, your Implementation Manager can update our requested NameID to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

  • Responses should be signed if possible, otherwise assertions should be signed

Please include the following attributes mapping (assertions):

  • firstName: user's first name

  • lastName: user's last name

  • email: user's email

Was this article helpful?

Have more questions? Submit a request