Single Sign-On (SSO)
Last updated
Was this helpful?
Last updated
Was this helpful?
Enhance your organization's security and user management capabilities with our Single Sign-On (SSO) support. By integrating with third-party identity providers via SAML and OpenID Connect protocols, we provide a robust and secure authentication mechanism, tailored especially for larger enterprises.
SSO not only centralizes user management but also fortifies security by reducing the number of attack vectors and potential password vulnerabilities.
In addition to SSO, BugSplat also supports federated authentication using Google or GitHub sign-in. This feature is available on all plans and is controlled by individual users. Organizations cannot use it to centralize user management. Learn more .
To setup SSO, your corporate IT team needs the following information:
BugSplat's user pool ID is: us-east-1_rZndGLwmO
BugSplat's SSO domain prefix is This means our SAML assertion endpoint is:
Our SP urn is urn:amazon:cognito:sp:us-east-1_rZndGLwmO
BugSplat support will configure SSO for your organization when supplied with the SAML metadata document generated from your organization. Please send this file to support@bugsplat.com.
Need help setting up your integration? See the following instructions for some popular IdPs. These links are shamelessly copied from the AWS Cognito docs. They discuss both the IdP setup along with the Cognito setup. (BugSplat will perform the Cognito setup on your behalf.)
Active Directory Federation Services (ADFS):
Auth0:
Microsoft Entra ID (formerly Azure Active Directory):
Centrify:
G-Suite:
Okta:
Your BugSplat SAML app should have the following settings:
You must expose the following email address attribute and, optionally, the group attribute.
Note: SSO integration is a premium feature that requires a BugSplat Enterprise subscription.
Groups provided by SSO are matched to groups defined for each of your databases on the Integrations/SSO page. Each database has a group name for access and administration.
For example, you might assign the Groups "BsAccess" and "BsAdmin" to each BugSplat database. Then, users who should have administrator rights would be assigned to the "BsAdmin" role, and users who needed only regular access would be assigned the "BsAccess" role.
Note that the SSO groups will be copied from the current database when creating a new database. So typically, once they are set up, no further group definition will be required.
SSO users can avoid the standard BugSplat login dialog (and thus avoid entering their email address) by saving a link with the following form:
https://cognito.bugsplat.com/oauth2/authorize?response_type=code&client_id=2cto7q004s89cid304op4sfc&redirect_uri=https%3A%2F%2Fapp.bugsplat.com%2Fcognito%2Fredirect.php&identity_provider={your corporate domain}&scope=openid
Replace {your corporate domain} with the domain name of your organization e.g. acme.com
OneLogin:
PingFederate:
You can optionally provide access to BugSplat databases by associating groups with each user that match groups assigned to your BugSplat databases. If no user groups are provided, users can authenticate with BugSplat but won't have access to any company databases until you add them using the or pages.
If SSO Groups are provided to BugSplat, they will override any existing database access permissions. At login time, a user's permissions are reset according to the group rules. After a user logs into BugSplat, you can view their updated access rules on the or pages. You may have to make the "SSO Groups" column visible to view this information.
