Bynder Support

Our support team is here for you.

Submit a request Return to overview page
Bynder Support

Enable Single Sign On for Bynder

Follow Print

Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property you can log in with a single ID to gain access to a connected system or systems without being prompted for different usernames or passwords. 

Bynder supports ADFS (Active Directory Federation Services) based on SAML 2.0 (Security Assertion Markup Language) to interface with Active Directory. If you use LDAP, you need to enable your ADFS infrastructure to authenticate users whose identities are stored in LDAP. For more information, see: https://technet.microsoft.com/en-us/library/dn823754(v=ws.11).aspx

If you want to use Microsoft Azure, see the link for the required integration steps: https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-bynder-tutorial/.

We encourage integrating with Active Directory using ADFS POST, Redirect SSO (with the SAML 2.0 standard).

In our standard set up, we’ve created a post redirect to Microsoft ADFS. For this, we use SAML 2.0 with SAML 1.1 assertions. Validation of messages is done with a separate certificate (in pem/x509 format - exchanged together with the ADFS metadata of the identity provider) and we support ONLY message-signed assertions. We work with XML messages that send and decrypt binary data (base64-encoded deflated).

Bynder supports the 6 most common types of SSO configuration for Bynder logins: cookies, kerberos, certificates, one-time password, integrated windows authentication, security assertion markup language.

 

Setup

  1. Configure ADFS for SSO with Bynder. If you use groups in ADFS, you need additional configuration to pass the permissions to Bynder. See how to do it for Windows Server 2012 R2 .
  2. Decide if the users:
    • should see the login page and click the Use your Company X credentials login button,
    • should use auto-login. In this case, users will not see the login page but will automatically be directed to the landing page. 
  3. Prepare and send information to Bynder so that we can enable the SSO for you:
    • prepare a federationMetadata.xml metadata file. The federation metadata file can be exported as an XML file or can be sent as a URL.To find the XML metadata from the AD, type the following URL in a browser on the AD server: https://adfs.yourdomain.com/FederationMetadata/2007-06/FederationMetadata.xml.

      Note: You can refer to the attachment for an example of the file. You might need an app, such as, TextWrangler to open the file.

    • create an AD test account that Bynder can use.
  4. Decide on the look and feel of the SSO screen. We can style the labels and buttons. For example, you login page can look in the following way. 

     or 

Was this article helpful?

1 out of 1 found this helpful
Have more questions? Submit a request

Comments