Enable (SSO) Single Sign-On in Bynder

  • Updated

Caution

This article describes a self-service SSO configuration to set up one or multiple SSO flows. Contact your Customer Success Manager to confirm you portal has been enabled for Self Service SSO

Single Sign-On (SSO) can be a big time saver for users and administrators. By implementing one or multiple SSO flows in a portal, anyone in your network can click the SSO button on the portal's login page to quickly log in without needing a separate Bynder username and password.

SSO also allows you to automatically create new user accounts (Just-in-Time provisioning - JIT), which removes this manual task from portal administrators. Setting up a profile or group mapping (for SAML or OpenID) ensures that a user account with the appropriate permission profile is created when a user logs in for the first time using SSO.

You can configure one or multiple SSO identity providers to manage user authentication in your Bynder portal. For example, if some users log in via SAML SSO while others use Google SSO, each can choose the preferred log-in method on the Bynder portal login page.

Bynder supports any combination of these SSO methods to be enabled in your account:

By default, all users logging into Bynder do so via the Bynder login page. However, after setting up your Single Sign-On (SSO) provider(s) you can set up a redirect to override the portal login page and automatically direct a user or users to the configured SSO provider based on the predefined conditions such as a Visitor IP address (single IP, multiple IPs, or subnets) or if OAuth2 flow is in use.

Learn more about updating the login configuration look and feel, including how the SSO login buttons appear on your Bynder login page.

SSO FAQ

What signing options are required by Bynder?

The SAML response must be signed.

What signing algorithm are supported by Bynder?

The RSA-SHA256 and RSA-SHA1 algorithms are supported, but Okta will default to the RSA-SHA256 algorithm since it's more secure.

Does Bynder support enabling force authentication?

We don't support configuring forceAuthn in the SAML request.

Does Bynder support SAML Single Logout (SLO)?

We don't support Single Logout (SLO).

What is the default relay state URL?

This value can be left empty.

Does Bynder have an OIN app in Okta?

No, we do not.

Does your SSO setup support IdP/SP/both initiated login workflows?

Yes, we support both.

Does Bynder SSO support provisioning and deprovisioning of users?

Bynder only supports JIT provisioning, SCIM is not supported.

Is it possible to force users to only log in via SSO and not username & password?

By default users created through JIT provisioning will be restricted from setting a password, however exceptions can be made for individual users in user management.

Are licenses automatically purchased if a new user is provisioned via Okta?

No, if you exceed your licenses, your Customer Success Manager will contact you to provision new seats or make other changes.

Can Bynder Portal be configured as the IdP?

No, Bynder Portal cannot serve as Identity Provider (IdP).

Can I redirect my users to another starting point for the SSO flow?

Yes, you can do so via redirect SSO Login. Learn more here.

SSO Troubleshooting

If you experience a technical issue with your SSO providers we recommend that you check out the SSO Troubleshooting Logs here.

For any technical assistance, we advise you to reach out to the technical support department of your SSO provider.

Note

Bynder Support doesn't have access to your SSO provider and, therefore, can't further assist you with this type of inquiries

Was this article helpful?

0 out of 0 found this helpful

We're sorry to hear that!

Find out more in our community

Have more questions? Find out more in our community