Using advanced IdP settings

This topic covers additional settings that you may need during IdP setup and that are not covered in the primary setup procedures, such as Default Relay State.

Default relay state

This section lists the continue URLs to include in the Default Relay State if you want users to be signed in directly to an app after authentication. Replace <DOMAIN> with the domain used for SP-initiated SSO.

  • Google Apps: bg_portal_login&continue=https://mail-google-com.btglss.net/a/<DOMAIN>/
  • Microsoft 365: bg_portal_login&continue=https://portal.bitglass.com/sso/login/<DOMAIN>/?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=

    Example: bg_portal_login&continue=https://portal.bitglass.com/sso/login/acme-gadget.com/?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=

  • Other Apps: Contact the Forcepoint ONE SSE support team.

Okta App tile support

If you protect applications with Forcepoint ONE SSE using Okta as the IdP, you can add your apps as tiles in Okta so that users log in to Okta and launch their apps directly from the portal tiles. To do this, adjust the default relay state in the IdP configuration settings in Forcepoint ONE SSE.

In Okta, set your Forcepoint ONE SSE Default Relay State to bg_portal_login&continue=https://portal.bitglass.com/idp/init/xxxx/ where xxxx is the application number associated with the application. To find this number, right-click the application tile under the User Portal tab in the Forcepoint ONE SSE portal and select Copy link address.

Atlassian

Atlassian requires the relay state to be configured separately for Confluence and Jira:

  • Confluence: bg_portal_login&continue=https://portal.bitglass.com/idp/init/xxxx/?relay_state=https://<company name>.atlassian.net/wiki
  • Jira: bg_portal_login&continue=https://portal.bitglass.com/idp/init/xxxx/?relay_state=https://<company name>.atlassian.net

In both values, <company name> refers to the company-specific Atlassian link.

Microsoft 365

Microsoft 365 allows you to set a relay state for each individual app within the Microsoft 365 suite. Set your Forcepoint ONE SSE Default Relay State to bg_portal_login&continue=https://portal.bitglass.com/idp/init/XXXX/?o365app=YYYY&spdomain=ZZZZ, where

  • YYYY is the app you are setting up the tile for. This can be any of the following Microsoft 365 apps:
    • sharepoint
    • onedrive
    • word
    • excel
    • powerpoint
    • teams
    • azure
    • video
    • newsfeed
    • delve
    • outlook
    • calendar
    • people
    • tasks
    • planner
    • sway
    • dynamics
    • flow
    • powerbi
    • forms
  • ZZZZ is the domain of the tenant (for example, bitglass in bitglass.sharepoint.com).
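
A Default Relay State value can be checked against the formats above before it is saved. The following is an added example, not Forcepoint code: check_relay_state is a hypothetical helper, the host allow-list is taken from the URLs on this page, and the application number is assumed to consist of digits only.

```python
import re
from urllib.parse import urlsplit, parse_qs

PREFIX = "bg_portal_login&continue="
# Hosts used by the continue URLs on this page.
ALLOWED_HOSTS = {"portal.bitglass.com", "mail-google-com.btglss.net"}
O365_APPS = set("""sharepoint onedrive word excel powerpoint teams azure video
    newsfeed delve outlook calendar people tasks planner sway dynamics flow
    powerbi forms""".split())


def check_relay_state(value):
    """Return a list of problems in a Default Relay State value ([] means OK)."""
    if not value.startswith(PREFIX):
        return ["does not start with " + PREFIX]
    # The remainder is the continue URL as a whole. It carries its own
    # unencoded '?' and '&', so the full value must not be split on '&'.
    url = urlsplit(value[len(PREFIX):])
    problems = []
    if url.scheme != "https":
        problems.append("continue URL is not https")
    if url.hostname not in ALLOWED_HOSTS:
        problems.append("unexpected continue host: %s" % url.hostname)
    if "<" in value or ">" in value:
        problems.append("unfilled <...> placeholder")
    query = parse_qs(url.query)
    if url.path.startswith("/idp/init/"):
        app_id = url.path[len("/idp/init/"):].strip("/")
        if not app_id.isdigit():  # assumption: application number is digits only
            problems.append("application number not filled in: %r" % app_id)
        if "o365app" in query:
            if query["o365app"][0] not in O365_APPS:
                problems.append("unknown o365app: " + query["o365app"][0])
            spdomain = query.get("spdomain", [""])[0]
            if not re.fullmatch(r"[A-Za-z0-9-]+", spdomain):
                problems.append("spdomain must be the tenant name only")
        if "relay_state" in query:
            target = urlsplit(query["relay_state"][0])
            if target.scheme != "https" or not (target.hostname or "").endswith(".atlassian.net"):
                problems.append("relay_state is not an https atlassian.net URL")
    return problems


# Constructed sample values; application number 1234 and tenant "acme" are made up.
SAMPLES = [
    PREFIX + "https://portal.bitglass.com/idp/init/1234/?o365app=teams&spdomain=acme",
    PREFIX + "https://portal.bitglass.com/idp/init/xxxx/?relay_state=https://acme.atlassian.net/wiki",
    PREFIX + "https://portal.bitglass.com/idp/init/1234/?o365app=visio&spdomain=acme.sharepoint.com",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_relay_state(s) or "OK", "<-", s)
```

The first sample passes, the second is flagged for the unfilled application number, and the third for an app name outside the list above and a full host name in spdomain.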