Blumira - SSO Configuration

This documentation has been tested and approved by Kelvin Zero's team
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Blumira using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
Warning
To set up Multi-Pass with Blumira, ensure you meet the following requirements:
- MPAS: Admin rights
- Blumira: Admin rights and XDR access
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.


Configuration of Blumira


Accessing Single Sign-On Settings


  1. On your dashboard, locate the left-hand menu.
  2. Click on "Settings".
  3. Scroll down and select "Single-Sign On"
  1. First, enable Single Sign-On. Then, to allow communication between MPAS and Blumira, follow these steps in MPAS:
  2. Open MPAS in a separate browser tab by navigating to: https://dashboard.kzero.com/deployments
  3. Select Your Deployment
  4. Access the "Advanced console"
  1. Click on Clients
  2. Click on Create a Client to register a new client for communication with Blumira
  1. Complete the different fields 
    1. Client type = Switch to SAML
    2. Client ID = you can find it on Blumira Metadata (urn:auth0:blumira:<SPECIFIC NAME>)
    3. Name = For example "blumira"
    4. Description = for example "SSO Integration"
    5. Always display in UI = Switch to "On"
  1. Click on "Next" and complete the fields below
    1. Home URL = https://ca.auth.kzero.com/realms/randintegration/protocol/saml/clients/blumira
    2. Valid redirect URIs = Blumira ACS URL (https://auth.blumira.com/login/callback?connection=<SPECIFIC NAME>)
    3. Valid post logout redirect URIs = Blumira Logout URL (https://auth.blumira.com/logout)
    4. IDP-Initiated SSO URL name = blumira
  1. Complete the last configuration and click on "save"
    1. SAML capabilities
      1. Name ID format - email
      2. Force POST binding - ON
      3. Include AuthnStatement - ON
    2. Signature and Encryption
      1. Sign documents - OFF
      2. Sign assertions - ON
  2. Scroll up and go to the keys section 
    1. Make sure "Signing keys config" and "Encryption keys config" are turned off
  3. Go to the Advanced section 
    1. Paste in Assertion Consumer Service POST Binding URL = Blumira ACS URL (https://auth.blumira.com/login/callback?connection=<SPECIFIC NAME>)
  1. Before returning to the Blumira SSO configuration, you need to obtain the certificate. 
  2. In the bottom left of your screen, click on "Realm Setting".
  3. Select the Keys tab.
  4. Locate the RS256 row and click on Certificate to view or download it.
 
  1. Now that you're back on Blumira, complete the required fields:
    1. Domain: Enter the domain of your email address.
    2. Signing Certificate: Paste the X.509 certificate obtained from the RS256 line.
Warning
 Do not forget to include the following header and footer -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
    3. Sign In Endpoint: https://ca.auth.kzero.com/realms/<REALM NAME>/protocol/saml
    4. Sign Out Endpoint: https://ca.auth.kzero.com/realms/<REALM NAME>/protocol/openid-connect/logout
  1. Finally, click on Save to apply your changes.
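
The certificate step above can be checked before pasting. The following is an added example, not part of the MPAS or Blumira documentation: it wraps the value copied from the RS256 row in the required header and footer and prints a SHA-256 fingerprint for comparing what was pasted into Blumira against what MPAS shows. It assumes the copied value may be bare base64; SAMPLE_BARE is constructed dummy data, not a real certificate.

```python
import base64
import hashlib
import re

HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"


def _der_bytes(cert_text: str) -> bytes:
    """Return the DER bytes from a bare base64 body or a full PEM block."""
    body = cert_text.replace(HEADER, "").replace(FOOTER, "")
    body = re.sub(r"\s+", "", body)  # drop line breaks and stray spaces
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc
    # An X.509 certificate is a DER SEQUENCE, so its first byte is 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not look like a DER certificate")
    return der


def to_pem(cert_text: str) -> str:
    """Wrap the certificate in the header and footer, 64 characters per line."""
    b64 = base64.b64encode(_der_bytes(cert_text)).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([HEADER, *body, FOOTER]) + "\n"


def sha256_fingerprint(cert_text: str) -> str:
    """SHA-256 fingerprint of the DER bytes, as colon-separated hex."""
    digest = hashlib.sha256(_der_bytes(cert_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: 260 dummy bytes with a DER SEQUENCE prefix, NOT a real
# certificate. Replace it with the value copied from the RS256 row.
SAMPLE_BARE = base64.b64encode(b"\x30\x82\x01\x00" + bytes(range(256))).decode("ascii")

if __name__ == "__main__":
    pem = to_pem(SAMPLE_BARE)
    print(pem)  # paste this block into the Signing Certificate field
    print("SHA-256:", sha256_fingerprint(pem))
```

Input that already has the header and footer passes through unchanged, and a truncated or mis-copied value raises ValueError instead of producing a certificate block that fails at login.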


Congratulations! The configuration is now complete. Login process: when you log in with your email address, you are redirected to Multi-Pass. Choose the digital option to receive a push notification for authentication.

Notes
Note on Two-Factor Authentication (2FA):
Please note that Blumira currently does not allow disabling 2FA, even when an external SSO like Multi-Pass is configured. This feature may be implemented in the future.
