Get started with Single Sign-on (SSO)

Configure Single sign-on with an identity provider to control access

Introduction

Single sign-on (SSO) ensures a centralized and secure way of controlling access to BrowserStack. This means that a single set of credentials can be used by your users to access multiple different applications. When you integrate BrowserStack with your Identity Provider, you can:

  • Control access to BrowserStack via your Identity Provider (IdP).
  • Allow your users to log in to BrowserStack with their IdP accounts.
  • Manage your accounts in one central location - the IdP.

What’s supported?

We support both IdP-initiated as well as SP-initiated SSO, which means that you can connect from your identity provider of choice directly into BrowserStack.

Who can set up SSO?

  • User with owner permissions can setup SSO on BrowserStack.
  • If needed, owner can also allow SSO setup access to one of the organization admin.
    • Go to Settings & Permissions
    • Click Permissions
    • Click Authentication & Security Settings
    • Check Allow a Group admin to configure SSO and AUP. Enter the email address of the admin.
    • Click Save

Select SSO authentication standard

Follow the steps below to get started with the SSO setup:

  1. Go to Account -> Settings & Permissions and select the Security tab.

  2. Under Single Sign On (SSO), click Configure. Under Single Sign On (SSO), click Configure

  3. Choose your authentication service:

Standard Description
SAML 2.0 For SAML 2.0, currently you can setup connector with the following IdPs:
- Okta
- Azure AD
- OneLogin
- ADFS
If your preferred IDP doesn’t have a connector with BrowserStack, you can use Open SAML
Google OAuth Authentication via Google’s OAuth connector.
Google OAuth

If you are not able to connect using Open SAML Connector, please connect with your account manager to assist you in setting up a custom SSO connector.

Configuring SSO with SAML

Post you have followed the instructions mentioned in the above section, you can follow the steps below to enable SSO using SAML 2.0:

1. Select Identity Provider (IdP)

We use SAML 2.0 which means you can use any Identity Provider that supports this protocol. We’ve also partnered with a couple of Identity Providers in offering third party connectors to BrowserStack. Configuration steps depend on the Identity Provider you use:

Select Identity Provider for SAML SSO authentication

If your preferred identitiy provider doesn’t have a connector with BrowserStack, you can use our Open SAML connector option.

2. Set up SAML configuration

  • Once you select the Identity Provider and click Next, you will be directed to configuration settings which are required to set up BrowserStack app on your IdP.
  • Copy the settings(ACS URL etc.) from BrowserStack and then fill the Entity ID, SSO URL, and Certificate fields (which you will get from your Identity Provider).
  • Please note that we require the NameID to contain the user’s email address.
Note: If you are not able to connect using Open SAML Connector, please connect with your AE or SE and we will assist you in setting up a custom SSO connector.

3. Test your SSO configuration

Before enabling SSO for your entire organization, you can test the SAML configuration from the Service Provider configuration to make sure that your connection is working. You can initiate the test by clicking Test Setup. If the connection is working fine, you will be taken to your Identity Provider, authenticated and redirected to a page containing the SAML response received from the identity provider.

4. Enable SSO

Once you have tested your configuration and are confident that SSO is working, you can Enable the Single Sign-on for your Organization on BrowserStack. The SSO setup is complete.

5. Assign users on BrowserStack

In the case of SAML SSO, to allow your existing users to continue using BrowserStack, assign these users BrowserStack app on your Identity Provider. This will force all the members to log in with SAML SSO instead of their username/password. Also, an email will be sent to users notifying them about the change.

Frequently asked questions

Don’t see a connector for your Identity Provider?

For Identity Provider other than Okta, OneLogin, Azure AD, ADFS, we support Open SAML connector. You can also get in touch with your Account Manager to get a custom SSO connector built.

Do I need meta-data file for SSO setup (using SAML 2.0)?

You don’t need a meta-data file for SSO setup using SAML 2.0 on BrowserStack. The required meta for setting up SSO using SAML 2.0, is provided in the configuration/settings page in the self-serve SSO flow.

How to give SSO access to existing BrowserStack users?

Assign the Browserstack app on your IDP to these users. This will allow these users to login into BrowserStack via SSO.

How to disable SSO?

Once you have enabled SSO, you can disable(if needed) the SSO setup from Account -> Settings & Permissions.

  • Select the Security tab and click Disable.
  • Users will be logged out of BrowserStack and they can log in with their old username/password combination or reset their password.
Note: Integrate with your Identity Provider via SCIM to provision and de-provision users on BrowserStack. Learn more

We're sorry to hear that. Please share your feedback so we can do better







Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked






Thank you for your valuable feedback

Is this page helping you?

Yes
No

We're sorry to hear that. Please share your feedback so we can do better







Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked






Thank you for your valuable feedback!

Talk to an Expert
Talk to an Expert