Technical Documentation | Bluewater

Technical documentation

This section provides reference materials for APIs, integration guides and other documentation relevant to the Bluewater Control platform.

Single Sign-On (SSO)

Overview

SSO is an authentication service that allows a user to use a single login to access multiple applications. SSO uses Security Assertion Markup Language (SAML) to exchange authentication data between the applications.

The Bluewater platform offers a Single Sign-On (SSO) capability through the Security Assertion Markup Language (SAML) protocol, version 2.0. It allows users to access the Bluewater portal using usernames and passwords from their corporate Federation Service. This means your users can use one login to access all your platforms rather than managing separate passwords, and you get to manage who can access the Bluewater portal and what they can see once they are logged in.

Once your users have been authenticated to access the portal, you can then configure different profiles and assign users to each profile to ensure that they have the proper Cost Centre access and permissions in the Bluewater portal.

SAML

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between two parties, i.e. a Service Provider (SP) and an Identity Provider (IdP).

The Service Provider agrees to trust the Identity Provider to authenticate the user. The Identity Provider generates an authentication assertion for the user and communicates it to the Service Provider.

The most important use case that SAML addresses is web browser single sign-on (SSO). Single sign-on can be established between different domains.

Benefits

1. Business Data Synchronisation

Reduce the time and effort for Admin to create user logins, and login management (password resets, access changes etc).

2. Leverage existing content

Use your existing infrastructure to manage users’ access to Bluewater, and to remove access for Users who have left your organisation. Utilising your Federation Service enables all your staff to use the Bluewater platform.

3. Time savings

Reduce the number of passwords users must remember and streamline the authentication process.

4. Increased security

By applying the Company’s password security policy to the Bluewater login, accessible only behind the Corporate firewall, there is no risk to your organisation when users leave, as users who are accessing the Bluewater platform have been authenticated from a central control point (exist in your Active Directory) and are authorised (have the relevant permissions/access).

How SSO Works?

  1. When a User accesses the Bluewater Portal from within your network, Bluewater (Service Provider) will generate a SAML request to an SSO URL for authentication.
  2. The Bluewater customer (Identity Provider) parses the SAML request, authenticates the user and generates a SAML response to Bluewater to authorise the user’s access.
  3. Bluewater will verify the SAML response and allow the User to log in.
  4. If a user record is not found in Bluewater, Bluewater will auto-provision the user with the additional attributes provided in the SAML response and assign the user with permissions that correspond to the user group mapping.

How to enable SSO for your Bluewater Portal?

1. Decide your IdP: Your Identity Provider is the one who authenticates and authorizes the user to perform an action. It can be:
  • Automatically scheduled, ServiceNow initiated, one-way push synchronisation of your Cost Centre and Employee data from your ServiceNow instance into Bluewater.
  • Removes any required management of this data in Bluewater, ensuring your Telco portal is always up to date.

2. Ask the Bluewater Implementation / Customer Success team for an SSO Federation Requirement Questionnaire to commence the set-up process. In this questionnaire you will be asked for Identification Details and your IdP metadata or settings.

Bluewater will enable the SSO for your portal and contact your Administrator to configure Access Levels for Bluewater logins. e.g.:

  • Level 1 Access: See Control module only
  • Level 2 Access: See Procurement module only
  • Level 3 Access: See full admin access

3. Get the Bluewater Service Provider metadata from the following link and import it into your Federation Service: https://sso.bluewatercontrol.com/metadata.ashx

ServiceNow Connector

Note: In development for Q2 2020 release.

Overview

Bluewater customers can now seamlessly integrate their ServiceNow instance into Bluewater. The Connector was created to allow you to leverage your existing ServiceNow workflows in Bluewater, without the complexity, effort and cost involved in a custom integration. The Connector will be available to Bluewater clients free of charge in the Bluewater ServiceNow store.

The key features of the connector are:

1. Business Data Synchronisation
  • Automatically scheduled, ServiceNow initiated, one-way push synchronisation of your Cost Centre and Employee data from your ServiceNow instance into Bluewater.
  • Removes any required management of this data in Bluewater, ensuring your Telco portal is always up to date.
2. Asset Data Synchronisation
  • Automatically scheduled, ServiceNow initiated, two-way push and pull synchronisation of employees, devices and service assets and relationships.
  • Ensures any devices procured are maintained within Bluewater for Telecom & Mobility reporting, while keeping ServiceNow CMDB.
3. Procurement
  • Leverage the power of Bluewater’s mobility catalogue through your ServiceNow instance for procurement.
  • Regular, one-way synchronisation of your hardware/service plan catalogue from Bluewater into your ServiceNow catalogue.
  • Custom workflow allows you to create event driven submission of approved ServiceNow orders into Bluewater, which then flow on to your Telecom Managed Service Provider.
  • Regular polling of Bluewater for Order updates and an update of status within your ServiceNow instance. 
4. Service Configuration [Assist]
  • Managing a mobile fleet requires many support actions post procurement; for example, Transfer of Ownership. The connector will allow these types of common tasks to be instigated and managed in your ServiceNow instance, leveraging the forms within Bluewater that your Telecom Managed Services Providers require.
  • Regular polling of Bluewater for Service Configuration Order updates and an update of status within your ServiceNow instance.