Specific Role Required to Configure SSO
To configure SSO for your program, you must be an Organization Owner.
Organization Owners can log in using Username and Password.
Bugcrowd offers a Security Assertion Markup Language (SAML) based Single Sign-On (SSO) integration with OneLogin to help you create an easy and centralized way to log in to Crowdcontrol. SAML is an XML-based standard for SSO authentication that creates a simplified way to access the applications that you can use. If you do not have OneLogin set up, see getting started guide.
The steps to configure OneLogin for SSO are:
- Log in to your OneLogin account.
- Select Apps > Add Apps.
- Search for Bugcrowd.
- Select the Bugcrowd app.
The Configuration page is displayed.
- Modify any of the configuration settings that control how the Bugcrowd app appears in your portal and the connector version you want to use. Select SAML 2.0 as your connector.
- Save the settings.
A new set of tabs appear that allow you to configure rules, parameters, SSO, access policies, and users for the Bugcrowd app.
- Select the SSO tab.
- Select X.509 Certificate (View Details) for additional information.
- Use SHA1
- X.509 Certificate
This page displays all the information that is required for adding to Crowdcontrol later. Make a note of the following information:
- X.509 certificate and its fingerprint
- Issuer URL
- SAML 2.0 endpoint
- SLO endpoint
- In Crowdcontrol, click your profile.
- Click Authentication.
- Click Single Sign-on (SSO).
The SAML Settings page is displayed.
- Specify in the information you saved from OneLogin in the earlier section.
Add the SSO settings from OneLogin
Bugcrowd only supports logouts Identity Provider (IdP) initiated logouts, that is logging out of Bugcrowd will not log you out of your SSO provider.
The following table provides the Crowdcontrol fields mapped to OneLogin fields.
IdP Certificate Fingerprint
IdP Entity ID
IdP SSO Target URL
SAML 2.0 endpoint
IdP SLP Target URL
When you add the X.509 certificate, you must copy and paste the entire contents of the certificate, including the BEGIN and END headers as shown.
-----BEGIN CERTIFICATE----- TTDMTSCCAkWgAwIBAgIJAJC1HiIAZAiIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV m3LtH40luvg0sd0ng4evAT0mMYh4rdYDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTExMjMxMDg1OTQ0WhcNMTIxMjMwMDg1OTQ0WjBF t4c0fN746vaInA1KxYEeI1Rx5KXY8zIdj6a7hhphpj2E04LDdw7r495dv3UgEgpR C3Fayua4DRHyZOLmlvQ6tIChY0ClXXuefbmVSDeUHwc8YufRAERp2GfQnL2JlPUL B7xxt8BVc69rLeHV15A0qyx77CLSj3tCx2IUXVqRs5mlSbq094NBxsauYcm0A6Jq vA== -----END CERTIFICATE-----
- Save the settings.
Crowdcontrol displays the SSO configuration for your program.
- Copy the Onelogin SAML Code.
Single Sign-on configuration for your company
- Go back to your Onelogin account and navigate to the Bugcrowd Configuration tab. Paste the Onelogin SAML Code.
All domains must be verified by Bugcrowd. You will not be able to login until the email address domains are verified.
- In Crowdcontrol, click your profile and then click Domains.
The Domain Verification page is displayed.
- Specify the domain and then click ADD DOMAIN.
A verification code is displayed.
- Add a TXT record at the domain's root with this code.
DNS verification may take up to 24 hours to succeed.
For information about adding aTXT record, consult your DNS provider.
For any additional help verifying domains, contact [email protected].
After you have enabled SSO, your team members can navigate to the Company Apps area of OneLogin and click the Bugcrowd app to log in. If SSO is set up properly, members will be logged in to Crowdcontrol.
Updated 3 months ago