Skip to main content

How to set up SAML SSO

Configure and enable SAML SSO for your Blink instance

Written by Margaret Greer
Updated today

SAML single sign-on (SSO) lets your employees sign in to Blink using their existing work account - no separate Blink password needed. This guide covers the full setup: enabling SAML in Blink, configuring your identity provider, and completing the connection.

How do I set up SAML SSO in Blink? SAML single sign-on (SSO) lets users authenticate through your identity provider instead of a separate Blink password. Setup has three stages: enable SAML in the Blink admin portal, configure Blink as an application in your identity provider, then upload the identity provider metadata file back into Blink.

✅ Why SAML SSO matters

• One credential for everything - users don't need a separate Blink password

• Remove access in your identity provider and it takes effect in Blink immediately

• Meets enterprise security and compliance requirements

• Works with Microsoft Entra ID, Google Workspace, and any SAML 2.0 provider

⚠️ Organization Admins only. Only Organization Admins can configure authentication settings in the Blink admin portal.

📖 New to Blink authentication? Read Authentication Methods for an overview of all sign-in options before starting this setup.

🔑 How do I enable SAML in the Blink admin portal?

This step tells Blink to use SAML and generates the configuration URLs your identity provider will need.

  1. Open the Blink app and go to the admin portal via the in-app menu.

  2. Select Authentication.

  3. Select SAML and click Save changes.

  1. A set of configuration URLs will appear. Keep this page open - you will need these in the next step.

  2. If your identity provider supports metadata XML import (for example, Microsoft Entra ID), download the metadata file now using the button shown.

⚙️ How do I configure my identity provider?

Blink supports any SAML 2.0-compliant identity provider. Follow the guide for your provider below.

Microsoft Entra ID

  1. Go to the Microsoft Entra admin center and sign in.

  2. Navigate to Applications > Enterprise applications > All applications.

  3. Click New application, search for Blink, and add it.

  4. In the Blink application, go to Manage > Single sign-on and select SAML.

  5. Click Upload metadata file and select the file you downloaded from Blink. Click Save.

  6. In the Attributes and Claims section, click the edit (pencil) icon.

  1. Click the three dots next to Unique User Identifier (Name ID).

  1. Set Name identifier format to Email address. Set Source attribute to the attribute containing the user's login email (typically user.mail). Click Save.

  1. Download the Federation Metadata XML file. You will use this in Step 3.

  2. Assign users: go to Users and groups, click Add user/group, and select everyone who needs Blink access. You can add a group or individual users.

  3. Continue to How do I add my identity provider metadata to Blink?

Google Workspace

  1. Go to the Google admin console and sign in.

  2. Navigate to Apps > Web and mobile apps.

  3. Click Add app > Add custom SAML app.

  4. On the Google identity provider details page, download the IDP metadata file. You will use this in Step 3.

  5. Name the application (for example, "Blink") and click Continue.

  6. Enter the ACS URL and Entity ID from the Blink SAML settings page.

  7. Check Signed Response. Set Name ID to Primary Email and Name ID format to EMAIL. Click Finish.

  8. On the app detail page, click Edit service and enable the app for all users or the relevant organizational units. Click Save for each unit.

  9. Continue to How do I add my identity provider metadata to Blink?

Other identity providers

Blink supports any SAML 2.0-compliant provider. Use the ACS URL and Entity ID from the Blink SAML settings page to configure your provider. Download the metadata XML from your provider to use in Step 3.

📋 How do I add my identity provider metadata to Blink?

The final step connects your identity provider to Blink by importing the metadata.

  1. Return to the Blink admin portal > Authentication page.

  2. Click Read metadata file and select the XML file downloaded from your identity provider.

  1. If you don't have a metadata file, click Or enter details manually and fill in the four fields with details from your identity provider.

  2. Click Save changes.

SAML SSO is now active. Users who sign in with their email address will authenticate through your identity provider.

🔒 SAML SSO is available on Pro and Enterprise plans. If you are on Core, contact your account manager to discuss upgrading.

❓ FAQs

Does SAML SSO apply to users who sign in with a phone number?

No. SAML only applies to users signing in with their email address. Users who sign in with a phone number always authenticate via SMS one-time passcode (OTP), regardless of the authentication setting.

Can I use an identity provider not listed in this guide?

Yes. Blink supports any SAML 2.0-compliant identity provider. Use the ACS URL and Entity ID from the Blink SAML settings page to configure your provider. The metadata XML import is the simplest setup method if your provider supports it.

What do I do if users cannot sign in after enabling SAML?

Check these in order: (1) confirm the metadata file in Blink matches what your identity provider generated; (2) verify the user is assigned to the Blink application in your identity provider; (3) confirm the Name ID format is set to email address in your identity provider. If the issue persists, contact Blink Support.

What admin permissions do I need to configure SAML in Blink?

You need Organization Admin access in Blink. You will also need sufficient permissions in your identity provider - for example, a Global Administrator or Application Administrator role in Microsoft Entra ID.

Will enabling SAML sign out users who are currently signed in?

No. Existing sessions are not immediately affected. Users will authenticate through SAML the next time they sign in. We recommend testing with a small group before enabling SAML for your whole organization.

🚀 What's next?

Now that SAML SSO is configured, here's how to take it further:

Related Articles
One Login
How to Configure SAML 2.0 for Blink with Okta
Authentication Methods
SSO into third party systems
Using a central authentication service to support users to join Blink
Did this answer your question?