Get started with Single Sign-on (SSO)

Configure Single sign-on with an identity provider to control access

Introduction

Single sign-on (SSO) allows users access to BrowserStack via an identity provider (IDP) of your choice. When you integrate BrowserStack with your IdP, you can:

  • Control access to BrowserStack via your IdP.
  • Enable your users to be automatically signed-in to BrowserStack with their IdP accounts.
  • Manage your accounts in one central location - the IdP.
Note: In order to setup SSO, you need to be Owner on BrowserStack account and have administrator access on the identity provider(IdP). Owner can also allow SSO setup access to one of the Group admin from Settings & Permissions -> Permissions -> Authentication & Security Settings.

BrowserStack supports both IdP-initiated as well as SP-initiated SSO.

Set up SSO on BrowserStack

BrowserStack allows setting up of SSO using the self-serve method. Follow the instructions below to get started:

Step 1 : Visit Settings section

Go to Account -> Settings & Permissions and select the Security tab. Under Single Sign On (SSO), click Configure.

14-okta-testenable-a

Step 2 : Choose your authentication service

Standard Description
SAML 2.0 For SAML 2.0, currently you can setup connector with the following IdPs:
- Okta
- Azure AD
- OneLogin
- ADFS
If your preferred IDP doesn’t have a connector with BrowserStack, you can use Open SAML
Google OAuth Authentication via Google’s OAuth connector.
Google OAuth

If you are not able to connect using Open SAML Connector, please connect with your AE or SE and we will assist you in setting up a custom SSO connector.

Step 3 : Select IdP and configure settings (required for SAML 2.0)

BrowserStack supports multiple IdP’s for setting up authentication via SAML 2.0. Confiugration steps depend on the identitiy provider (IdP) you use. View the detailed instructions for different identitiy providers:

If your preferred identitiy provider doesn’t have a connector with BrowserStack, you can use our Open SAML connector option.

Once you select the IdP and click Next, you will be directed to IdP specific settings required to set up BrowserStack app on on your IdP. Copy the settings(ACS URL etc.) from BrowserStack. Go to your IdP to get the required settings (Sign-in URL etc.) from IdP and then enter these settings on BrowserStack.

Note: If you are not able to connect using Open SAML Connector, please connect with your AE or SE and we will assist you in setting up a custom SSO connector.

Step 4 : Test and Enable SSO

Test the integration via Test Setup. Upon a successful test, you can Enable the Single Sign-on feature for your Organization. The SSO setup is complete.

Step 5: Once SSO is enabled (required for SAML 2.0)

To allow your existing users to continue using BrowserStack, assign these users BrowserStack SSO app on your IDP. They will be logged out and they can login into BrowserStack via SSO.

Who can set up this SSO Connector?

The Owner of the BrowserStack account can set up SSO.

Note:
  1. For SAML 2.0 : If the Group Owner is not the admin on the identity provider, they can inititate the SSO setup on BrowserStack and share the IdP specific settings (e.g. IDP initiated ACS URL) with their IdP admin. The IdP admin can then visit the IdP, follow the instructions mentioned in the IdP documentation, get the settings (e.g. Sign-in URL, Sign-out URL) and share it with the Owner to complete the SSO setup.
  2. Owner can also allow SSO setup access to one of the Group admin from Settings & Permissions -> Permissions -> Authentication & Security Settings.

Are SP-Initiated or IdP-Initiated SSO supported?

Yes, both SP-initiated and IdP-initiated SSO flows are supported on BrowserStack.

Don’t see connector for your Identity Provider?

For IdP’s other than Okta, OneLogin, Azure AD, ADFS, we support Open SAML connector. You can also get in touch with your Account Executive to get custom SSO connector built.

Do I need meta-data file for SSO setup for SAML 2.0?

You don’t need a meta-data file for SSO setup using SAML 2.0 on BrowserStack. The required meta for setting up SSO using SAML 2.0, is provided in the configuration/settings page in the self-serve SSO flow.

How to give SSO access to existing BrowserStack users after setup?

Assign the Browserstack app on your IDP to these users. This will allow these users to login into BrowserStack via SSO. They will not be able to access their accounts post setup.

How to disbale SSO?

Once you have enabled SSO, you can disable(if needed) the SSO setup from Account -> Settings & Permissions. Select the Security tab and click Disable.

Note: Integrate with your IdP via SCIM to manage users. To know more, visit documentation

We're sorry to hear that. Please share your feedback so we can do better






Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked





Thank you for your valuable feedback

Is this page helping you?

Yes
No

We're sorry to hear that. Please share your feedback so we can do better






Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked





Thank you for your valuable feedback!

Talk to automation expert