Single sign-on (SSO) and SCIM process overview

Applies to:

  • Revu 

You can implement single sign-on (SSO) and SCIM for your Bluebeam subscriptions, which will allow you and your users to log into Revu 21, Studio, and Bluebeam Cloud with your SSO credentials instead of a Bluebeam ID (BBID).

While this article provides a high-level overview of the process to request and configure SSO and SCIM for your organization, configuring SSO does not require that you also configure SCIM. You may configure only SSO.

The ability to configure SSO and SCIM is only available if your organization:

  • Has purchased or converted a minimum of 50 seats to a Bluebeam subscription plan.
  • Is not already configured to use SSO with Bluebeam products and services. If your organization already has SSO configured, contact us before continuing.
  • Is not utilizing Studio Prime integrations.
  • Has users located only in the US region.
    You may have multiple domains within the US region.
  • Studio Prime integrations are not yet compatible with SSO, so you should consider that before qualifying. For Partners, reach out to your Channel Account Manager for details. If you are not a Partner, send an email to Bluebeam Technical Support or reach out to your Account Manager.
  • Bluebeam does not yet support Security Assertion Markup Language (SAML) for managing authentication.

1. Request SSO and SCIM integration for your organization

Log in to the Bluebeam Org Admin Portal and perform the following steps to request access to configure SSO and SCIM:

  1. Select Account Settings > Security.

  2. Next to SSO Configuration, select Request Access.

  3. Provide the requested information.

After we receive your request, we’ll verify that your organization qualifies for SSO and SCIM integration. After verification, we'll contact you to continue the process and set up an IT Admin who will perform the SSO and SCIM configuration.

2. Begin SSO configuration

Bluebeam Technical Support adds the administrator as an IT Admin for your organization. Afterward:

  1. The IT Admin logs into the Org Admin Portal and enters information to claim and verify domains and to start the SSO configuration process.
  2. The IT Admin initiates the SSO configuration process by providing requested information about their IdP and user attributes.
  3. The IT Admin creates the SSO application in the IdP for their organization.

3. Testing

The IT Admin is prompted to log in to test the SSO connection and configuration.

If the test is successful, the IT Admin is prompted to share a test link with users who have existing Studio accounts.

4. Reconcile users and activate SSO

During the reconciliation process, the IT Admin uploads a list of their users' email addresses to allow us to match them with existing Bluebeam IDs (BBIDs). These email addresses must match the users’ Studio BBID email addresses.

If we find email addresses we can't match to BBIDs, the IT Admin performs steps to match email addresses to BBIDs, and then activate SSO.

5. Configure SCIM

Perform steps in both the Org Admin Portal and your IdP to create a connection between the Org Admin Portal and your identity provider. This connection allows you to manage the Bluebeam users (and their Bluebeam Plans) in your organization through your identity provider.