Below is the information needed to set up a SAML application. You will need the following:
- Your "tenant subdomain": acme.benchling.com or validated.benchling.cloud
- Your "tenant name". For the above two examples, this would be acme and validated. Your Implementation Manager can confirm the 'name' of each of your tenants with you as a part of this process.
Configure a SAML Application for each of your Benchling tenants as follows:
- Single sign-on URL (also known as the Assertion Consumer Service URL or ACS URL): https://<TENANT_SUBDOMAIN>/ext/saml/signin:finish. Examples: https://acme.benchling.com/ext/saml/signin:finish and https://validated.benchling.cloud/ext/saml/signin:finish
- Entity ID (also known as the Audience URI): https://<TENANT_NAME>.benchling.com/ext/saml/metadata.xml. Examples: https://acme.benchling.com/ext/saml/metadata.xml and https://validated.benchling.com/ext/saml/metadata.xml
- NameID: the identifier of the user to be matched with a Benchling account. We accept either a username, which will be matched to the handle on a Benchling account, or an email address. Note that by default, Benchling's SAML Requests will request a NameID of format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. If you would like to identify users in Benchling by handle, your Implementation Manager can update our requested NameID to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
- Responses should be signed if possible; otherwise, assertions should be signed.
Please include the following attribute mappings (assertions):
- firstName: user's first name
- lastName: user's last name
- email: user's email
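To check an IdP application against the values above before testing sign-in, the following is an added example (not Benchling's code or any IdP's API). The config dictionary layout, the function names, and the assumption that the IdP's NameID format should equal the one Benchling requests are illustrative; the Entity ID is derived from the tenant name on benchling.com, as in the validated example above.

```python
# Added example: names and the config dict layout are assumptions, not a Benchling or IdP API.
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPEC_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
REQUIRED_ATTRS = {"firstName", "lastName", "email"}


def expected_settings(tenant_subdomain, tenant_name):
    """Derive the ACS URL and Entity ID the page specifies for one tenant."""
    return {
        "acs_url": f"https://{tenant_subdomain}/ext/saml/signin:finish",
        # The Entity ID is built from the tenant *name* on benchling.com,
        # even when the tenant subdomain is on benchling.cloud.
        "entity_id": f"https://{tenant_name}.benchling.com/ext/saml/metadata.xml",
    }


def check_idp_app(app, tenant_subdomain, tenant_name, match_by_handle=False):
    """Return a list of mismatches between an IdP app config and the page's values."""
    want = expected_settings(tenant_subdomain, tenant_name)
    problems = []
    for key in ("acs_url", "entity_id"):
        if app.get(key) != want[key]:
            problems.append(f"{key}: expected {want[key]}, got {app.get(key)}")
    want_fmt = UNSPEC_FMT if match_by_handle else EMAIL_FMT
    if app.get("nameid_format") != want_fmt:
        problems.append(f"nameid_format: expected {want_fmt}")
    if not (app.get("sign_response") or app.get("sign_assertion")):
        problems.append("signing: neither the response nor the assertion is signed")
    missing = REQUIRED_ATTRS - set(app.get("attributes", []))
    if missing:
        problems.append("attributes missing: " + ", ".join(sorted(missing)))
    return problems


# Constructed sample: an IdP app entry for the validated.benchling.cloud tenant,
# with the audience copied from the subdomain and one attribute missing.
SAMPLE_APP = {
    "acs_url": "https://validated.benchling.cloud/ext/saml/signin:finish",
    "entity_id": "https://validated.benchling.cloud/ext/saml/metadata.xml",
    "nameid_format": EMAIL_FMT,
    "sign_response": False,
    "sign_assertion": True,
    "attributes": ["firstName", "email"],
}

if __name__ == "__main__":
    for line in check_idp_app(SAMPLE_APP, "validated.benchling.cloud", "validated"):
        print(line)
```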