Specific Role Required to Configure SSO
To configure SSO for your program, you must be an Organization Owner.
(Organization Owners still has the option to login via Username/Password)
Security Assertion Markup Language (SAML) is an XML-based standard for single sign-on (SSO) authentication that creates a simplified way to access applications that you have rights to use. Bugcrowd offers a SAML-based SSO integration with OneLogin to help you create an easy and centralized way to log in to Crowdcontrol. If you don't have OneLogin set up, you should read their getting started guide.
The first thing you need to do is log in to your OneLogin account and add Bugcrowd to your apps portal. This simply allows you to configure the OneLogin settings for logging in to Crowdcontrol.
To add the Bugcrowd app, select Apps > Add Apps.
Add apps from OneLogin
Search for 'Bugcrowd.'
Search for Bugcrowd apps
Select the Bugcrowd app.
Select the Bugcrowd app
When the Configuration form appears, you can modify any of the configuration settings that control how the Bugcrowd app appears in your portal and the connector version you want to use. You must choose the SAML 2.0 option as your connector.
Configure the Bugcrowd app
After you make your changes, save the settings. A new set of tabs appear that let you configure rules, parameters, SSO, access policies, and users for the Bugcrowd app.
Select the SSO tab.
The SSO tab
Select X.509 Certificate (View Details) for additional information.
- Use SHA1
- X.509 Certificate
This page displays all of the information you'll need to add to Crowdcontrol later. Keep the following information readily available:
- The x.509 certificate and its fingerprint
- The issuer URL
- SAML 2.0 endpoint
- SLO endpoint
Now that you've added Bugcrowd to your apps portal in OneLogin, you're ready to configure Crowdcontrol to use the single sign-on service.
From Crowdcontrol, go to your Organization Settings.
Go to your Organization Settings
When the Organization Settings appear, select Authentication.
Select the Authentication tab
Then click the Single Sign-on (SSO) option.
Select the Single Sign-on option
When the SAML Settings appear, enter in the data you saved from OneLogin earlier.
Add the SSO settings from OneLogin
Bugcrowd only supports logouts Identity Provider (IdP) initiated logouts, which means that logging out of Bugcrowd will not log you out of your SSO provider.
The option names on the Single Sign-on form in Crowdcontrol do not map exactly to the ones in OneLogin. To help you figure out what's what, here's a mapping for each option in Crowdcontrol to each option in OneLogin:
SSO option mappings
IdP Certificate Fingerprint
IdP Entity ID
IdP SSO Target URL
SAML 2.0 endpoint
IdP SLP Target URL
When you add the X.509 certificate, you need to copy everything the entire contents of the certificate, including the BEGIN and END headers, as shown below.
-----BEGIN CERTIFICATE----- TTDMTSCCAkWgAwIBAgIJAJC1HiIAZAiIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV m3LtH40luvg0sd0ng4evAT0mMYh4rdYDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTExMjMxMDg1OTQ0WhcNMTIxMjMwMDg1OTQ0WjBF t4c0fN746vaInA1KxYEeI1Rx5KXY8zIdj6a7hhphpj2E04LDdw7r495dv3UgEgpR C3Fayua4DRHyZOLmlvQ6tIChY0ClXXuefbmVSDeUHwc8YufRAERp2GfQnL2JlPUL B7xxt8BVc69rLeHV15A0qyx77CLSj3tCx2IUXVqRs5mlSbq094NBxsauYcm0A6Jq vA== -----END CERTIFICATE-----
After you are done, save the settings. Crowdcontrol displays the SSO configuration for your program. Copy the top line item "Onelogin SAML Code" as you will need it in the next step.
Single Sign-on configuration for your company
Navigate back to your Onelogin account and head to the Bugcrowd "Configuration" tab. Paste the "Onelogin SAML Code" you just received in Crowdcontrol the step before this.
Onelogin configuration screen
All domains must be verified by Bugcrowd - users will not be able to login until the email address domains are verified.
Navigate back to the Crowdcontrol platform 'organization settings' page - select 'domains'.
Select the domains tab
Enter the domain and then select 'add domain'
A verification code will be provided - add a TXT record at the domain's root with this code. DNS verification may take up to 24 hours to succeed.
Copy and paste verification code as a TXT record
Consult your DNS provider for instructions on adding a TXT record
Contact email@example.com for any additional help verifying domains
After you have enabled SSO, your team members can navigate to the Company Apps area of OneLogin and click the Bugcrowd app to log in. If SSO is set up properly, members will be logged in to Crowdcontrol.