Using advanced IdP settings
This page covers additional settings that you may need during IdP setup and that are not covered in the primary setup procedures, such as Default Relay State.
Default relay state
This section provides the continue URLs to include in the Default Relay State if you want to SSO users directly into an app after authentication. Replace <DOMAIN> with the domain used for SP initiated SSO.
- Google Apps: bg_portal_login&continue=https://mail-google-com.btglss.net/a/<DOMAIN>/
- Microsoft 365: bg_portal_login&continue=https://portal.bitglass.com/sso/login/<DOMAIN>/?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=
Example: bg_portal_login&continue=https://portal.bitglass.com/sso/login/acme-gadget.com/?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=
- Other Apps: Contact the Forcepoint ONE SSE support team.
Okta App tile support
If you are protecting applications with Forcepoint ONE SSE using Okta as an IdP and want to add your apps as tiles in Okta, so that users can log in to Okta and launch their apps directly from the portal tiles, you need to adjust the default relay state in the IdP configuration settings in Forcepoint ONE SSE.
In Okta, set your Forcepoint ONE SSE Default Relay State to bg_portal_login&continue=https://portal.bitglass.com/idp/init/xxxx/ where xxxx is the application number associated with the application. You can find this by right-clicking the application tile under the User Portal tab in the Forcepoint ONE SSE portal and selecting copy link address.
Atlassian uses its own relay state format, configured separately for Confluence and Jira:
- Confluence: bg_portal_login&continue=https://portal.bitglass.com/idp/init/xxxx/?relay_state=https://<company name>.atlassian.net/wiki
- Jira: bg_portal_login&continue=https://portal.bitglass.com/idp/init/xxxx/?relay_state=https://<company name>.atlassian.net
where <company name> refers to the company-specific Atlassian link.
Microsoft 365 allows you to set a relay state for each individual app within the Microsoft 365 suite. Set your Forcepoint ONE SSE Default Relay State to bg_portal_login&continue=https://portal.bitglass.com/idp/init/XXXX/?o365app=YYYY&spdomain=ZZZZ, where YYYY is the app you are setting up the tile for. This can be any of the following Microsoft 365 apps:
- sharepoint
- onedrive
- word
- excel
- powerpoint
- teams
- azure
- video
- newsfeed
- delve
- outlook
- calendar
- people
- tasks
- planner
- sway
- dynamics
- flow
- powerbi
- forms
ZZZZ is the domain of the tenant (for example, bitglass in bitglass.sharepoint.com).
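A lint for the Okta tile relay-state values described above, written as an added example (not Forcepoint code) that catches unreplaced placeholders, a full hostname in spdomain, and continue or relay_state targets outside the formats shown on this page. The function name, the assumption that the application number is decimal digits, and the sample values 1234 and acme are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

PREFIX = "bg_portal_login&continue="
PORTAL_HOST = "portal.bitglass.com"  # host used in this page's tile URLs
O365_APPS = {"sharepoint", "onedrive", "word", "excel", "powerpoint", "teams",
             "azure", "video", "newsfeed", "delve", "outlook", "calendar",
             "people", "tasks", "planner", "sway", "dynamics", "flow",
             "powerbi", "forms"}
PLACEHOLDER = re.compile(r"xxxx|yyyy|zzzz|<[^>]*>", re.IGNORECASE)
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label


def check_tile_relay_state(value):
    """Return a list of problems; empty means the value fits the page's formats."""
    problems = []
    if PLACEHOLDER.search(value):
        problems.append("unreplaced placeholder")
    if not value.startswith(PREFIX):
        return problems + ["missing bg_portal_login&continue= prefix"]
    url = urlsplit(value[len(PREFIX):])
    if url.scheme != "https" or url.netloc != PORTAL_HOST:
        problems.append("continue URL must be https://" + PORTAL_HOST)
    # Assumption: the application number consists of decimal digits.
    if not re.fullmatch(r"/idp/init/\d+/", url.path):
        problems.append("path is not /idp/init/<application number>/")
    query = parse_qs(url.query, keep_blank_values=True)
    unknown = set(query) - {"o365app", "spdomain", "relay_state"}
    if unknown:
        problems.append("unexpected parameter: " + ", ".join(sorted(unknown)))
    if "o365app" in query or "spdomain" in query:
        if query.get("o365app", [""])[0] not in O365_APPS:
            problems.append("o365app is not in the documented app list")
        if not LABEL.fullmatch(query.get("spdomain", [""])[0]):
            problems.append("spdomain must be the bare tenant name")
    if "relay_state" in query:
        target = urlsplit(query["relay_state"][0])
        host_ok = target.scheme == "https" and re.fullmatch(
            LABEL.pattern + r"\.atlassian\.net", target.netloc)
        if not host_ok or target.path not in ("", "/wiki"):
            problems.append("relay_state is not an Atlassian site URL")
    return problems


if __name__ == "__main__":
    base = PREFIX + "https://portal.bitglass.com/idp/init/1234/"  # constructed
    for v in (base + "?o365app=teams&spdomain=acme",
              base + "?o365app=teams&spdomain=acme.sharepoint.com"):
        print(check_tile_relay_state(v) or "ok", v)
```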