Single sign-on (SSO) and SCIM process overview

Applies to:

  • Revu 21

You can implement single sign-on (SSO) and SCIM for your Bluebeam subscriptions, which will allow you and your users to log into Revu 21, Studio, and Bluebeam Cloud with your SSO credentials instead of a Bluebeam ID (BBID).

While this article provides a high-level overview of the process to request and configure SSO and SCIM for your organization, configuring SSO does not require that you also configure SCIM. You may configure only SSO.

Requirements

The ability to configure SSO and SCIM is only available if your organization:

  • Has purchased or converted a minimum of 50 seats to a Bluebeam subscription plan.
  • Is not already configured to use SSO with Bluebeam products and services. If your organization already has SSO configured, contact us before continuing.
  • Uses Microsoft Entra ID or Okta Workforce Identity Cloud as an identity provider (IdP).
  • Is not utilizing Studio Prime integrations.
  • Studio Prime integrations are not yet compatible with SSO, so you should consider that before qualifying. For Partners, reach out to your Channel Account Manager for details. If you are not a Partner, send an email to Bluebeam Technical Support or reach out to your Account Manager.
  • Bluebeam does not yet support Security Assertion Markup Language (SAML) for managing authentication.

1. Request SSO and SCIM integration for your organization

Log in to the Bluebeam Org Admin Portal and perform the following steps to request access to configure SSO and SCIM:

  1. Select Account Settings > Security.

  2. Next to SSO Configuration, select Request Access.

  3. Provide the requested information.

After we receive your request, we’ll verify that your organization qualifies for SSO and SCIM integration. After verification, we'll contact you to continue the process and set up an IT Admin who will perform the SSO and SCIM configuration.

2. Begin SSO configuration

Bluebeam Technical Support adds the administrator as an IT Admin for your organization. Afterward:

  1. The IT Admin logs into the Org Admin Portal and enters information to claim and verify domains and to start the SSO configuration process.
  2. The IT Admin initiates the SSO configuration process by providing requested information about their IdP and user attributes.
  3. The IT Admin creates the SSO application in the IdP for their organization.

3. Testing

The IT Admin is prompted to log in to test the SSO connection and configuration.

If the test is successful, the IT Admin is prompted to share a test link with users who have existing Studio accounts.

4. Reconcile users and activate SSO

During the reconciliation process, the IT Admin uploads a list of their users' email addresses to allow us to match them with existing Bluebeam IDs (BBIDs). These email addresses must match the users’ Studio BBID email addresses.

If we find email addresses we can't match to BBIDs, the IT Admin performs steps to match email addresses to BBIDs, and then activate SSO.

5. Configure SCIM

If you're also configuring SCIM, perform steps in both the Org Admin Portal and your IdP to create a connection between the Org Admin Portal and your identity provider. This connection allows you to manage the Bluebeam users (and their Bluebeam Plans) in your organization through your identity provider.

6. Communicate sign in changes to users

Provisioning your user accounts for SCIM could affect how your users sign in to Revu. When you requested SSO and SCIM access, you specified a single region to store license information for your organization, even if you have users in multiple regions. You should inform end users in your organization of the following:

  • The region associated with their Revu accounts after SCIM provisioning.
  • When they sign in to Revu, they must select this region, even if they've signed in to another region in the past.
    If they don't sign in to the correct region, their Bluebeam account information in Revu will appear as "Unpaid," and they'll be unable to access any paid features associated with their Bluebeam Plan.
  • Their geographic location may not match this region.
  • They can sign in to any Studio region by following the steps below:
    1. In Revu, open the Studio panel.
    2. From the Choose Server dropdown, select the Studio Server that you'd like to sign into.
    3. Ensure the "Use my Revu login credentials" checkbox is cleared, and select Sign In.
    4. Enter your BBID email and password and select Sign In.

Subscription

Revu 21

SSO

SCIM

This article contains a high-level overview of the process to request and configure SSO and SCIM for your organization