Setting up SSO for GliderBIM

Firstly, you must set up a GliderBIM profile for your identity provider. If you use multiple GliderBIM instances, such as EU, UK or a custom private instance, you must set up a profile for each one. The easiest way to get started is to load our identity provider metadata:

 

This will describe to your identity provider how to send a request. Some identity providers do not support metadata loading, however. The ACS URL is displayed below and, if required, the Authn certificate is available from the metadata URL as shown above. You should ensure that both requests and assertions are signed if possible, but if only assertion signing is available, the system can be configured for this.

 

  • EU: https://app.gliderbim.com/sso/saml
  • UK: https://uk.gliderbim.com/sso/saml
  • Private: https://<private-instance-hostname>/sso/saml

You should ensure that both requests and assertions are signed. The default in Entra is to not sign the request, but you can configure it here:

Configuration notes for Entra (formerly Azure AD)

Request Signing

GliderBIM requires that both requests and assertions are signed, but the default in Entra is to only sign assertions. To configure this, please follow these steps:

 

  1. Sign in to the Microsoft Entra admin center as a Cloud Application Administrator or higher.

  2. Navigate to Entra ID > Enterprise applications > All applications and locate your application.

  3. In the application’s left pane, select Single sign-on.

  4. Under the SAML Signing Certificate heading, click the Edit icon (pencil).

  5. In the Signing Option dropdown, select Sign SAML response and assertion.

  6. Click Save to apply the new settings.

For more information, please see Microsoft's documentation on Advanced Certificate Signing.

JIT Provisioning with Entra

JIT Provisioning requires that a 'Name' claim be sent with each request, in order to provision a new user:

  1. Find the SAML enterprise application as described above
  2. In Single sign-on > SAML > User Attributes & Claims, click 'Edit' (pencil)
  3. Click Add to add a new claim:
    • Specify the name as Name
    • Leave the namespace blank
    • For source, choose a value appropriate for your directory. Some common values are:
      • user.givenname
      • user.displayname
      • user.givenname + " " + user.surname
  4. Click Save

Testing

To begin testing the SSO configuration, please raise a ticket with our support team. Please copy and edit this ticket template:

 

Hello, I would like to request to set up SSO for my users.

 

Email domain: example.com
GliderBIM instance URL: app.gliderbim.com/uk.gliderbim.com/private-instance.example.com (delete as appropriate)

Identity provider type: Entra/Okta/Duo/SecureAuth/Other (delete/edit as appropriate)

 

Specify metadata (choose one):

Metadata URL: <url>

Or: I have attached my metadata XML document to this email

 

Thanks, [your name]

If you are not the GliderBIM administration contact at your company, please ask your GliderBIM administrator to send this on your behalf, and CC you.

 

We will load the metadata document into our system and update the ticket. We will set the SSO provider up in test mode, so that users will continue to use their username and password to log in, but you can test the SSO provider by appending sso_test=1 to the query string, for example:

 

Go Live

Once you have tested and confirmed that the SSO integration is working as expected using the test mode, you can update the ticket to let our support team know this. We will then remove the test mode flag, which will enforce the use of SSO for all example.com users.
