Blink works with an identity provider (IdP) to help best meet your business needs.
How does Blink interact with a 3rd Party Identity Provider (IdP)?
There are two primary connection points for a 3rd party IdP and Blink.
The first is on login, i.e. Inbound SSO. When a user authenticates with Blink, they may enter their email address. Blink looks up the configured authentication mechanism for the account and, if it is set to Single Sign-On (SSO), sends an authentication request to the company’s IdP (either via SAML 2.0 or OpenID Connect for Google/Microsoft accounts). Once the IdP authenticates the user, it responds with a signed message containing the user details, which Blink uses to log them into the system.
The second is Outbound SSO: an organization may leverage SSO through a 3rd party identity provider for accessing tools and systems in the Hub by adding the IdP’s single sign-on/user access URL for that application. Depending on the length of time since the last login to the identity provider, the user may be seamlessly logged in to other applications in the Hub. After the timeout setting for the IdP’s session/cookie (typically between 2 and 24 hours), the IdP may require reauthentication before logging the user into the 3rd party.
It is important to note that Blink is simply opening the Identity Provider’s normal URL in an embedded web browser in this configuration. All existing security settings & rules in the IdP will continue as if accessed outside of Blink.
Can Blink act as an IdP rather than leveraging a 3rd party IdP?
Yes. Blink can be leveraged as an Identity Provider for seamless access to applications on the Hub. In this use case, Blink uses its own authentication information to generate a signed single sign-on response which is passed to the 3rd party Service Provider (SP) to be processed for login.
Some organizations mix and match approaches, with some users (typically your desk-based employees) utilizing a 3rd party identity provider and Blink SSO being utilized for your frontline.
Note: Some 3rd party tools & systems may not support multiple Single Sign-On providers.