Specific Role Required to Configure SSO
To configure SSO for your program, you must be an Organization Owner.
(Organization Owners still has the option to login via Username/Password)
Security Assertion Markup Language (SAML) is an XML-based standard for single sign-on (SSO) authentication that creates a simplified way to access applications that you have rights to use. Bugcrowd offers a SAML-based SSO integration with Centrify to help you create an easy and centralized way to log in to Crowdcontrol.
The first thing you need to do is log in to your Centrify Admin Portal and add Bugcrowd to your apps. This will allow you to configure the Centrify settings for logging in to Crowdcontrol.
In the Admin Portal, click Apps, and then click Add Web Apps.
When the Add Web Apps screen appears, click Custom.
On the Custom tab, click Add next to the SAML application. When the Add Web App screen appears, click Yes to add the application.
Close the Application Catalog. The settings page for application that you have just added will appear.
You will now begin the set up process. To get the information you need for this screen you will need to log in to your Bugcrowd account.
From Crowdcontrol, go to your Organization Settings.
When the Organization settings appear, select Authentication.
Then click the Single Sign-on (SSO) option.
When the SAML settings appear, copy the SAML Consumer URL and then navigate back to your Centrify account.
Bugcrowd only supports logouts Identity Provider (IdP) initiated logouts, which means that logging out of Bugcrowd will not log you out of your SSO provider.
Navigate back to Centrify to the screen you left off on.
In the Assertion Consumer Service URL field, paste the SAML Consumer URL you copied from your Bugcrowd.
Navigate to the Advanced settings page.
In the setAudience field, paste the SAML Consumer URL you copied from your Bugcrowd account to replace “example-audience-value”. Keep the quotes.
After you paste the code, you will need to delete everything after the organization code. For example, if the full URL code is bugcrowdsandbox.com/organizations/mregwrnqpy/sso/acs, for this setting it would be bugcrowdsandbox.com/organizations/mregwrnqpy.
Save your changes.
Next, you will need to map Centrify information over to Crowdcontrol. Keep the Centrify SAML Application Settings screen open, and open a new window or tab. In the new window, navigate back to the Single Sign-On screen in Crowdcontrol and scroll down the SAML Settings section.
In the IdP Entity ID field, paste the Centrify Issuer information.
In the IdP SSO Target URL, paste the Centrify Identity Provider Sign-in URL information.
From the Centrify screen, click Download under the Security Certificate section. Open the downloaded certificate in a text editor and copy the entire contents of the file.
In the IdP Certificate field paste the copied text.
Domain Verification is Required for SSO to function properly
Lastly, all domains must be verified by Bugcrowd. Users will not be able to login until domains are verified.
Navigate back to the Crowdcontrol and go to the Organization Settings and select Domains.
Enter the domain and then click Add domain.
A verification code will be provided. Add a TXT record at the domain's root with this code. DNS verification may take up to 24 hours to succeed.
Consult your DNS provider for instructions on adding a TXT record. Contact email@example.com for any additional help verifying domains.