Setting Up Single Sign-On Through SAML

Bugcrowd offers a Security Assertion Markup Language (SAML) based Single Sign-On (SSO) integration with Okta, Centrify, OneLogin, Ping Identity, and Google to help you create an easy and centralized way to log in to Crowdcontrol. SAML is an XML-based standard for SSO authentication that creates a simplified way to access the applications that you can use.

Specific Role Required to Configure SSO: To configure SSO for your program, you must be an Organization Owner. Organization Owners can log in using Username and Password.

To setup SSO through SAML:

  1. In Crowdcontrol, go to Organization, click Settings, and then click Authentication.

    click-authentication

  2. Click Single Sign-on (SSO).

    single-sign-on

    The Single Sign-On Settings section is displayed.

  3. Make a note of the Single sign on URL and SP Entity ID.

    single-sign-on-settings

    This information is required for adding Crowdcontrol to your third-party account.

    Single Logout: Bugcrowd only supports logouts Identity Provider (IdP) initiated logouts, that is logging out of Bugcrowd will not log you out of your SSO provider.

  4. In the SAML Settings section, you must add information from the third-party tool for the following fields:

    • IdP Entity ID
    • IdP SSO Target URL
    • IdP Certificate

    saml-settings

  5. Click Save Authentication Settings.

Verifying Domain

After setting up SSO, all the domains must be verified by Bugcrowd. You will not be able to log in until the email address domains are verified.

  1. In Crowdcontrol, go to Organization, Settings and then click Domains.

    click-domains

    The Domain verification page is displayed.

  2. Specify the domain and click Add Domain.

    add-domain

    A verification code is displayed.

  3. Add a TXT record at the domain’s root with this code.

    unverified

    DNS verification may take up to 24 hours to succeed.

    For information about adding a TXT record, consult your DNS provider. For any additional help verifying domains, submit a support ticket through the Bugcrowd Support Portal.