Single Sign-On (SSO) and System for Cross-domain Identity Management (SCIM) process overview

You can implement Single Sign-On (SSO) and System for Cross-domain Identity Management (SCIM) for your Bluebeam subscriptions, which will allow you and your users to log into Revu 21, Studio, and Bluebeam Cloud with your SSO credentials instead of a Bluebeam ID (BBID).

While this article provides a high-level overview of the process to request and configure SSO and SCIM for your organisation, configuring SSO does not require that you also configure SCIM. You may configure only SSO.

Requirements

The ability to configure SSO and SCIM is only available if your organisation:

• Has purchased or converted a minimum of 50 seats to a Bluebeam subscription plan.
• Is not already configured to use SSO with Bluebeam products and services. If your organisation already has SSO configured, contact us before continuing.
• Uses Microsoft Entra ID or Okta Workforce Identity Cloud as an identity provider (IdP).
• Is not utilizing Studio Prime integrations.

1. Request SSO and SCIM integration for your organisation

Log in to the Bluebeam Org Admin Portal and perform the following steps to request access to configure SSO and SCIM:

1. Select Account Settings > Security.
2. Next to SSO Configuration, select Request Access.
3. Provide the requested information.

After we receive your request, we’ll verify that your organisation qualifies for SSO and SCIM integration. After verification, we’ll contact you to continue the process and set up an IT Admin who will perform the SSO and SCIM configuration.

2. Begin SSO configuration

Bluebeam Technical Support adds the administrator as an IT Admin for your organisation. Afterward:

1. The IT Admin logs into the Org Admin Portal and enters information to claim and verify domains and to start the SSO configuration process.
2. The IT Admin initiates the SSO configuration process by providing requested information about their IdP and user attributes.
3. The IT Admin creates the SSO application in the IdP for their organisation.

3. Testing

The IT Admin is prompted to log in to test the SSO connection and configuration.

If the test is successful, the IT Admin is prompted to share a test link with users who have existing Studio accounts.

4. Reconcile users and activate SSO

During the reconciliation process, the IT Admin uploads a list of their users’ email addresses to allow us to match them with existing Bluebeam IDs (BBIDs). These email addresses must match the users’ Studio BBID email addresses.

If we find email addresses we can’t match to BBIDs, the IT Admin performs steps to match email addresses to BBIDs and then activate SSO.

5. Configure SCIM

Provisioning your user accounts for SCIM could affect how your users sign in to Revu. When you requested SSO and SCIM access, you specified a single region to store license information for your organization, even if you have users in multiple regions. You should inform end users in your organisation of the following:

• The region associated with their Revu accounts after SCIM provisioning.
• When they sign in to Revu, they must select this region, even if they’ve signed in to another region in the past.

• Their geographic location may not match this region.
• They can sign in to any Studio region by following the steps below:
  1. In Revu, open the  Studio panel.
  2. From the Choose Server dropdown, select the Studio Server that you’d like to sign into.
  3. Ensure the “Use my Revu login credentials” checkbox is cleared, and select Sign In.

Enter your BBID email and password and select Sign In.