Caution
This article describes a self-service SSO configuration to set up one or multiple SSO flows. You may not be using this latest version yet, as we've only enabled this version for a limited number of Bynder portals. To switch to the updated Single Sign-On (SSO) flow please contact your Customer Success Manager.
Single Sign-On (SSO) can be a big time saver for users and administrators. By implementing one or multiple SSO flows in a portal, anyone in your network can click the SSO button on the portal's login page to quickly log in without needing a separate Bynder username and password.
SSO also allows you to automatically create new user accounts (Just-in-Time provisioning - JIT), which removes this manual task from portal administrators. Setting up a profile or group mapping (for SAML or OpenID) ensures that a user account with the appropriate permission profile is created when a user logs in for the first time using SSO.
You can configure one or multiple SSO identity providers to manage user authentication in your Bynder portal. For example, if some users log in via SAML SSO while others use Google SSO, each can choose the preferred log-in method on the Bynder portal login page.
Bynder supports any combination of these SSO methods to be enabled in your account:
Learn more about updating the login configuration look and feel, including how the SSO login buttons appear on your Bynder login page.
What signing options are required by Bynder?
The SAML response must be signed.
What signing algorithm are supported by Bynder?
The RSA-SHA256 and RSA-SHA1 algorithms are supported, but Okta will default to the RSA-SHA256 algorithm since it's more secure.
Does Bynder support enabling force authentication?
We don't support configuring forceAuthn in the SAML request.
Does Bynder support SAML Single Logout (SLO)?
We don't support Single Logout (SLO).
What is the default relay state URL?
This value can be left empty.
Does Bynder have an OIN app in Okta?
No, we do not.
Does your SSO setup support IdP/SP/both initiated login workflows?
Yes, we support both.
Does Bynder SSO support provisioning and deprovisioning of users?
Bynder only supports JIT provisioning, SCIM is not supported.
Is it possible to force users to only log in via SSO and not username & password?
By default users created through JIT provisioning will be restricted from setting a password, however exceptions can be made for individual users in user management.
Are licenses automatically purchased if a new user is provisioned via Okta?
No, if you exceed your licenses, your Customer Success Manager will contact you to provision new seats or make other changes.
If you experience a technical issue with your SSO providers we recommend that you check out the SSO Troubleshooting Logs here.
For any technical assistance, we advise you to reach out to the technical support department of your SSO provider.
Note
Bynder Support doesn't have access to your SSO provider and, therefore, can't further assist you with this type of inquiries
<%= heading %>