SSO is an authentication service that allows a user to use single login to access multiple applications. SSO uses Security Assertion Markup language (SAML) for exchanging authentication between the applications.

The Bluewater CONNECT platform offers a Single Sign On (SSO) capability through OpenID Connect and OAuth2.0 protocols. It allows users to access the Bluewater portal using their identity provider of choice. This means your users can use one login to access all your platforms rather than managing separate passwords and you get to manage who can access the Bluewater portal and what they can see once they are logged in. 

Once your users have been authenticated to access the portal, you can then configure different profiles and assign users to each profile to ensure that they have the proper Cost Centre access and permissions in the Bluewater portal. 


  1. Business Data Synchronisation
    Reduce the time and effort for Admin to create user logins, and login management (password resets, access changes etc).

  2. Leverage existing content
    Using your existing infrastructure to manage user’s access to Bluewater, as well as remove access for those Users who have left your organisation. By utilising your Federation Service, this enables all your staff to use the Bluewater platform.

  3. Time savings
    Reduce the number of passwords users must remember and streamline the authentication process.

  4. Increased security
    By using the Company’s identity provider you can ensure that passwords meet your minimum requirements, MFA is enforced for the organisation, there is no risk to your organisation when users leave, as users who are accessing the Bluewater platform have been authenticated from a central control point and are authorised. 

How SSO works?

1.    When a User accesses the Bluewater CONNECT Portal the user will be redirected to your internal identity provider. 

2.    The identity provider will issue an OAuth2.0 compliant token. 

3.    Bluewater CONNECT will verify the token with introspection if available or cryptographically if the provider haven’t implemented the introspection endpoint. 

4.    Based on the information in the token a new token will be issued from our internal identity provider that will allow access to the platform. 

5.    If a user record is not found in Bluewater, Bluewater can auto-provision the user. 

How to enable SSO for your Bluewater CONNECT Portal?

1.    Decide your IdP: Your Identity Provider is the one who authenticates and authorizes user to perform an action. It can be: 

o   Third party vendor (e.g. Entra, Okta, Google, OneLogin) 

o   Your own application 

2.    Go to your portal settings and simply input the required fields. The Bluewater Implementation / Customer Success team are always there to help you out if you need assistance. 

3.    Open a new (or incognito) browser and check if the flow is configured correctly. 

Ready to get started?

Find out how Bluewater can help you save time and money to achieve a positive ROI.