Skip to content
English - United States
  • There are no suggestions because the search field is empty.

 How to Configure SAML Single Sign-On (SSO)

Configure SAML Single Sign-On (SSO) so users can sign in with an identity provider such as Azure. You can also enable SCIM provisioning to automatically synchronize users with Buildfire.

How to Configure SAML Single Sign-On (SSO) and SCIM User Provisioning

Preview

Configure SAML Single Sign-On (SSO) to let users sign in with your organization's identity provider. You can also enable SCIM provisioning to automatically create, update, and deactivate Buildfire users from your identity provider.

Overview

Buildfire supports two enterprise authentication features that work independently or together with any SAML 2.0 and SCIM-compatible identity provider, including Azure AD, Okta, Google Workspace, OneLogin, Ping Identity, and others.

You can configure one or both of the following:

  • SAML 2.0 Single Sign-On (SSO) allows users to authenticate with their organization's identity provider instead of using Buildfire credentials. Buildfire acts as the SAML Service Provider, while your identity provider manages user authentication and access.
  • SCIM 2.0 User Provisioning automatically manages the Buildfire user lifecycle. When users are created, updated, or deactivated in your identity provider. SCIM provisioning uses a separate connection from SAML authentication, so it can also be used alongside other authentication methods such as OAuth 2.0, OpenID Connect (OIDC), or Custom SSO.

You can configure only SAML if you need enterprise authentication, or configure both SAML and SCIM if you also want automatic user provisioning and deprovisioning.

Requirements

You must have administrator access to your Buildfire Control Panel and your identity provider. Your identity provider must support SAML 2.0 to configure Single Sign-On. 

How to Configure SAML Single Sign-On (SSO) and SCIM User Provisioning
  1. Go to User Access > Settings, click Add Sign-in Integration, and select SAML.
  2. Configure the SAML integration.
    • Enter a unique integration name.
    • Customize the sign-in and registration button.
    • Select the button color and icon.
  3. Configure your identity provider.
    • Create a new enterprise application.
    • Open the Single Sign-On (SSO) settings.
    • Copy the metadata URL.
    • Paste the metadata URL into the Buildfire SAML integration.
    • Verify that the Entity ID, SSO URL, and Signing Certificate are populated automatically.
  4. Complete the SAML configuration.
    • Copy the Buildfire Entity ID and Redirect URL.
    • Paste them into your identity provider.
    • Configure user attributes as needed.
    • Keep the Name ID attribute, as it is required.
    • Make sure to save the Buildfire and saml configuration
    • Test the SAML connection.
  5. Configure access and security (This step is under app properties and not within the single sign on configuration)
    • Choose whether only assigned users can sign in.
    • Set the signing option to Sign SAML response and assertion.
  6. (Optional) Enable SCIM provisioning if you want automatic user management.
    • Create a new provisioning configuration in your identity provider.
    • Set the authentication method to Bearer Authentication.
    • Copy the SCIM Webhook URL and SCIM Token from the Buildfire integration.
    • Paste them into your identity provider.
    • Select the provisioning scope.
    • Start provisioning.
  7. Verify the integration.
    • Confirm users can authenticate with SAML.

Pro tips
  • SAML controls authentication, while SCIM manages user accounts. They are separate features and can be enabled independently.
  • If you disable a user in your identity provider and SCIM is enabled, Buildfire automatically revokes that user's access during the next provisioning cycle.
  • Configuring SAML or SCIM does not require a new app build or app store resubmission.
  • Synchronization could take up to 1 hour and not real time depending on the vendor.