Here’s a step-by-step guide on how to configure SSO for your BlogIn account by creating a SAML app in G Suite. It’s a convenient option if you use G Suite and haven’t implemented SSO yet.
Prerequisites: Ensure that you are the administrator of both your BlogIn and G Suite accounts.
1. Log in to Google Admin Console at (at admin.google.com)
2. Go to Apps > Web and mobile apps > Add app > Add custom SAML app
The App details modal opens.
Fill in Blogin details; this information is shared with your app users.
You can use this image for the App icon.
Click Continue.
3. The Google IDP Information window opens, and the SSO URL and Entity ID fields are automatically populated.
The information from this window is used to configure SSO on BlogIn. The easiest way to do this is to download the IDP metadata file, save it on your computer, and use it later when setting up SSO on Blogin (step 7).
Click Continue.
4. In the Service Provider Details window, type the following information:
ACS URL: https://{YOUR_BLOG_URL}/sso/saml/callback (with your actual BlogIn blog URL where it says {YOUR_BLOG_URL})
Entity ID: https://{YOUR_BLOG_URL}/ (with your actual BlogIn blog URL where it says {YOUR_BLOG_URL})
Start URL: https://{YOUR_BLOG_URL}/ (with your actual BlogIn blog URL where it says {YOUR_BLOG_URL})
Signed Response: Disable
Name ID Format: EMAIL
Name ID: Basic Information > Primary Email
These URLs are also provided on the bottom of the SSO Configuration screen (Settings > User Authentication > Configure SSO) under Identity Provider Configuration Data on BlogIn.
Here’s how it will look:
Click Continue.
5. Provide mappings between BlogIn user attributes and available user profile fields.
Click ADD NEW MAPPING to add custom mappings for user attributes, like first name, last name, phone number and job title.
Google Directory attribute: Basic Information > First name
App attribute name: firstname
Google Directory attribute: Basic Information > Last name
App attribute name: lastname
Google Directory attribute: Phone > Phone number
App attribute name: phone
Google Directory attribute: Employee details > Title
App attribute name: title
Setting Group Membership is currently not supported.
Click Finish.
6. Activating the app for your domain
By default, the app you created is turned off and is not visible to the users signed in to your Google domain account.
To activate the app, find the BlogIn SAML app you just created and click on the User access tab to enable the app for users.
On the Service status page, select On for everyone and click Save.
You can also turn the app on only for some organizations. Here’s an article on how to add an organizational unit in your G Suite account.
7. Configure SSO on BlogIn
In a new tab or window, log in to your BlogIn account and go to Settings > User Authentication > Configure SSO & User Provisioning.
Change Single Sign-On status to On and choose a custom name for SSO Login that will be displayed on the login screen.
Choose Configuration Method (Metadata URL or Metadata file is recommended) and populate the required fields.
If you downloaded the IDP Metadata file in step 3, choose Metadata FIle as the Configuration method and upload the file IDP Metadata file.
Otherwise, change the Configuration method to manual and manually populate Identity Provider SSO URL (Login URL) and Identity Provider Issuer (entity ID) and upload the Certificate you got from G Suite (information from the last step).
Choose the default user role for new users joining using SSO.
Click Save Changes.
SSO Setup is now complete.
From now on, users should be able to log in to BlogIn by clicking the "Sign In with SSO" button on the login screen, as long as they are logged in to their G Suite account.
Got Questions?
If you have any questions, feel free to contact us via email support@blogin.co or Twitter.