
Chapter 25

Blue Jeans Network


This section contains the following topics:

"An overview of configuring Blue Jeans Network for single sign-on" on page 25-31


"Configuring Blue Jeans Network for SSO" on page 25-32

"Configuring Blue Jeans Network in Cloud Manager" on page 25-34

"For more information about Blue Jeans Network" on page 25-37

An overview of configuring Blue Jeans Network for single sign-on


To configure the Blue Jeans Network application for single sign-on (an overview):
1 Configure Blue Jeans Network for SSO with SAML. For details, see "Configuring
  Blue Jeans Network for SSO" on page 25-32.
2 Configure Blue Jeans Network users for SSO.
3 Configure the application settings in Cloud Manager: Configure the Blue Jeans
  Network web application in the Cloud Manager. Here you specify some of the settings
  you specified in the web application directly. For details, see "Configuring Blue Jeans
  Network in Cloud Manager" on page 25-34.

Requirements

A signed certificate. You can either download one from Cloud Manager or use your
organization's trusted certificate.

Setting up the certificates for SSO


To establish a trusted connection between the web application and the cloud service, you
need to have the same signing certificate in both the application and the application settings
in Cloud Manager.
If you use your own certificate, you upload the signing certificate and its private key in a
.pfx or .p12 file to the application settings in Cloud Manager. You also upload the public
key certificate in a .cer or .pem file to the web application.
To download an application certificate from Cloud Manager (overview):
1 In the Apps page, add the application.


2 Click the application to open the application details.
3 In the Application Settings tab, click Download Signing Certificate to download and
  save the certificate.

What you need to know about Blue Jeans Network


Each SAML application is different. Here are the Blue Jeans Network features and
functionality that you need to know when configuring the application for SSO.
Feature: Available versions and clients
Description: web browser application, iOS application

Feature: SP-initiated SSO works?
Description: Yes - from the URL that has the format of https://<yourdomain>.bluejeans.com.

Feature: IdP-initiated SSO works?
Description: Yes

Feature: Is there a separate login for administrators after SSO is enabled?
Description: After SSO is enabled, users and administrators can continue to log in
to Blue Jeans Network with their user name and password from the
URL http://bluejeans.com/.

Feature: Lockout possibility and how to recover after lockout
Description: No.

Feature: User provisioning
Description: You can add users manually. Or, you can download a spreadsheet
from Blue Jeans, add your user data, then upload the spreadsheet file.
Blue Jeans also provides the option of automatic user provisioning.

Feature: User types
Description: users, administrators

Feature: Can users reset their own passwords? Can administrators reset a user's password?
Description: Users can reset their own passwords from the Forgot Password link
on the login screen.
Administrators cannot reset users' passwords.

Feature: Other security settings
Description: If you don't configure Blue Jeans Network with SAML SSO, you can
control security settings such as password strength, change
password options, and failed login notifications. These settings don't
apply when SAML SSO is enabled.

Configuring Blue Jeans Network for SSO

To configure Blue Jeans Network for SSO:
1 In your web browser, go to https://<yourdomain>.bluejeans.com and log in with your
  administrator credentials.
2 Click Admin > Group Settings > Security.
3 Select SAML Single Sign On.


Use this page to configure the application for single sign-on.

4 Specify the following for the SSO Settings:

Option: Enable automatic provisioning
Description: Blue Jeans Network recommends enabling automatic user provisioning.

Option: Certificate path
Description: Upload an X.509 certificate.

Option: Login URL
Description: Copy and paste this value from the Cloud Manager application settings
to this field.

Option: Password Change URL
Description: Copy and paste this value from the Cloud Manager application settings
to this field.

Option: Logout URL
Description: Copy and paste this value from the Cloud Manager application settings
to this field.

Cloud Manager users guide


Option: Custom Error Page URL
Description: Copy and paste this value from the Cloud Manager application settings
to this field.

Option: RelayState
Description: Copy the value in Blue Jeans and paste the value into the application
setting in Cloud Manager.

Option: Configure SAML Attribute Mapping
Description: Ignore this setting.

Option: Pick User ID from <saml2:NameID> element
Description: Select this option, and then in the Email field, enter Email (no quotes).

5 Click Save Changes.
6 Log out of your Blue Jeans Network account.

Configuring Blue Jeans Network in Cloud Manager


To add and configure the Blue Jeans Network application in Cloud Manager:
1 In Cloud Manager, click Apps.
2 Click Add Web Apps.

The Add Web Apps screen appears.


3 On the Search tab, enter the partial or full application name in the Search field and click
  the search icon.


4 Next to the application, click Add.
5 In the Add Web App screen, click Yes to confirm.

Cloud Manager adds the application.


6 Click Close to exit the Application Catalog.

The application that you just added opens to the Application Settings page.
7 On the Application Settings page, specify the following settings that are unique to this
  application:

Option: Your RelayState provided by Blue Jeans Network
Description: Paste in this value from the SAML Single Sign On settings in your
Blue Jeans Network admin settings area.

Option: Login URL
Description: Copy this value and paste it into the Login URL field in the SAML
Single Sign On settings in your Blue Jeans Network admin
settings area.


Option: Custom Error Page URL
Description: Copy this value and paste it into the Custom Error Page URL field
in the SAML Single Sign On settings in your Blue Jeans Network
admin settings area.

Option: Logout URL
Description: Copy this value and paste it into the Logout URL field in the SAML
Single Sign On settings in your Blue Jeans Network admin
settings area.

8 On the Application Settings page, expand the Additional Options section and
  specify the following settings:

Option: Application ID
Description: Configure this field if you are deploying a mobile application that uses
the Centrify mobile SDK, for example mobile applications that are
deployed into a Samsung KNOX version 1 container. The cloud service
uses the Application ID to provide single sign-on to mobile applications.
Note the following:

The Application ID has to be the same as the text string that is
specified as the target in the code of the mobile application written
using the mobile SDK. If you change the name of the web application
that corresponds to the mobile application, you need to enter the
original application name in the Application ID field.

There can only be one SAML application deployed with the name used
by the mobile application.

The Application ID is case-sensitive and can be any combination of
letters, numbers, spaces, and special characters up to 256 characters.

Option: Show in User app list
Description: Select Show in User app list to display this web application in the user
portal. (This option is selected by default.)
If this web application is added only to provide SAML for a corresponding
mobile app, deselect this option so the web application won't display for
users in the user portal.

Option: Security Certificate
Description: These settings specify the security certificate used for secure SSO
authentication between the cloud service and the web application.
Select an option to change the security certificate.

Use existing certificate displays beneath it the certificate currently in
use. The Download button below the certificate name downloads the
current certificate through your web browser to your computer so you
can supply the certificate to the web application during SSO
configuration. It's not necessary to select this option; it's present to
display current status.

Use the default tenant signing certificate selects the cloud service
standard certificate for use. This is the default setting.

Use a certificate with a private key (pfx file) from your local storage
selects any certificate you want to supply, typically your organization's
own certificate. To use this selection, you must click Browse to upload
an archive file (.p12 or .pfx extension) that contains the certificate
along with its private key. If the file has a password, you must enter it
when prompted.


9 On the User Access page, select the role(s) that represent the users and groups that have
  access to the application.

When assigning an application to a role, select either Automatic Install or Optional
Install:

Select Automatic Install for applications that you want to appear automatically for
users.

If you select Optional Install, the application doesn't automatically appear in the
user portal and users have the option to add the application.

10 (Optional) On the Policy page, specify additional authentication control for this
   application. You can select one or both of the following settings:

Restrict app to clients within the Corporate IP Range: Select this option to
prevent users outside the company intranet from launching this application. To use this
option, you must also specify which IP addresses are considered as your intranet by
specifying the Corporate IP range in Settings > Corporate IP Range.

Require Strong Authentication: Select this option to force users to authenticate
using additional, stronger authentication mechanisms when launching an application.
Specify these mechanisms in Policy > Add Policy Set > Account Security Policies >
Authentication.

You can also include JavaScript code to identify specific circumstances when you want
to block an application or you want to require additional authentication methods. For
details, see Application access policies with JavaScript.

11 On the Account Mapping page, configure how the login information is mapped to the
   application's user accounts. The options are as follows:

Use the following Directory Service field to supply the user name: Use this
option if the user accounts are based on user attributes. For example, specify an Active
Directory field such as mail or userPrincipalName or a similar field from the Centrify user
service.

Everybody shares a single user name: Use this option if you want to share access
to an account but not share the user name and password. For example, some people
share an application developer account.

Use Account Mapping Script: You can customize the user account mapping here
by supplying a custom JavaScript script. For example, you could use the following line
as a script:
LoginUser.Username = LoginUser.Get('mail')+'.ad';

The above script instructs the cloud service to set the login user name to the user's mail
attribute value in Active Directory and add .ad to the end. So, if the user's mail
attribute value is Adele.Darwin@acme.com then the cloud service uses
Adele.Darwin@acme.com.ad. For more information about writing a script to map
user accounts, see the SAML application scripting.
12 (Optional) On the Advanced page, you can edit the script that generates the SAML
   assertion, if needed. In most cases, you don't need to edit this script. For more
   information, see the SAML application scripting.
On the Changelog page, you can see recent changes that have been made to the
application settings, by date, user, and the type of change that was made.
Note

13 Click Workflow to set up a request and approval work flow for this application.

The Workflow feature is a premium feature and is available only in the Centrify Identity
Service App+ Edition. See Configuring Workflow for more information.
14 Click Save.

After configuring the application settings (including the role assignment) and the
application's web site, you're ready for users to launch the application from the user
portal.
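
The Account Mapping Script option in step 11 can be exercised offline before it is pasted into Cloud Manager. The following is an added example, not code from the guide or from Centrify: only LoginUser.Get() and LoginUser.Username come from the guide, while makeLoginUser, runMappingScript, auditMapping, CHECKED_SCRIPT and the sample accounts are hypothetical, and the stand-in assumes that a missing attribute is returned as undefined. It shows that the guide's one-line script silently produces a login name such as "undefined.ad" for an account with no mail attribute, beside a variant that rejects such accounts; how the cloud service treats a script that throws is not covered by the guide.

```javascript
// Stand-in for the cloud service's LoginUser object, for offline testing only.
// Assumption: a directory attribute the user lacks is returned as undefined.
function makeLoginUser(attrs) {
  return { Username: null, Get: (name) => attrs[name] };
}

// Run a mapping script body against constructed attributes and return the
// login name it set.
function runMappingScript(scriptBody, attrs) {
  const LoginUser = makeLoginUser(attrs);
  new Function('LoginUser', scriptBody)(LoginUser);
  return LoginUser.Username;
}

// The one-line script shown in the guide.
const GUIDE_SCRIPT = "LoginUser.Username = LoginUser.Get('mail')+'.ad';";

// Hypothetical checked variant: refuse to build a login name from a missing
// or malformed mail value instead of emitting something like "undefined.ad".
const CHECKED_SCRIPT = `
  var mail = LoginUser.Get('mail');
  if (typeof mail !== 'string' || !/^[^@\\s]+@[^@\\s]+$/.test(mail.trim())) {
    throw new Error('mail attribute missing or malformed');
  }
  LoginUser.Username = mail.trim() + '.ad';
`;

// Constructed sample accounts (not real directory data).
const SAMPLE_USERS = [
  { name: 'adele', attrs: { mail: 'Adele.Darwin@acme.com' } },
  { name: 'svc-backup', attrs: {} },        // no mail attribute
  { name: 'temp', attrs: { mail: ' ' } },   // blank mail attribute
];

// Apply one script to every sample account and record the result or the error.
function auditMapping(scriptBody, users) {
  return users.map(({ name, attrs }) => {
    try {
      return { name, username: runMappingScript(scriptBody, attrs), error: null };
    } catch (e) {
      return { name, username: null, error: e.message };
    }
  });
}

console.log(auditMapping(GUIDE_SCRIPT, SAMPLE_USERS));
console.log(auditMapping(CHECKED_SCRIPT, SAMPLE_USERS));
```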

For more information about Blue Jeans Network

For more information about configuring Blue Jeans Network for SSO, see the following
information:

Configuring Blue Jeans Network for SAML SSO:
http://na9.salesforce.com/_ui/selfservice/pkb/PublicKnowledgeSolution/d?orgId=00DE0000000IOFe&id=501E00000008txV&retURL=%2Fsol%2Fpublic%2Fsolutionbrowser.jsp%3Fsearch%3Dadd%2Busers%26cid%3D000000000000000%26orgId%3D00DE0000000IOFe%26t%3D4&ps=1

Blue Jeans Network SAML SSO FAQ:
http://na9.salesforce.com/_ui/selfservice/pkb/PublicKnowledgeSolution/d?orgId=00DE0000000IOFe&id=501E00000008u2a&retURL=%2Fsol%2Fpublic%2Fsolutionbrowser.jsp%3Fsearch%3Dsaml%26cid%3D000000000000000%26orgId%3D00DE0000000IOFe%26t%3D4&ps=1

Blue Jeans Network administrator getting started checklist:
http://na9.salesforce.com/_ui/selfservice/pkb/PublicKnowledgeSolution/d?orgId=00DE0000000IOFe&id=501E00000008tj4&retURL=%2Fsol%2Fpublic%2Fsolutionbrowser.jsp%3Fsearch%3Dadd%2Busers%26cid%3D000000000000000%26orgId%3D00DE0000000IOFe%26t%3D4&ps=1


Uploading user accounts from a spreadsheet:
http://na9.salesforce.com/_ui/selfservice/pkb/PublicKnowledgeSolution/d?orgId=00DE0000000IOFe&id=501E00000008uxK&retURL=%2Fsol%2Fpublic%2Fsolutionbrowser.jsp%3Fsearch%3Dadd%2Busers%26cid%3D000000000000000%26orgId%3D00DE0000000IOFe%26t%3D4&ps=1

TCP/UDP ports used by Blue Jeans Network:
http://na9.salesforce.com/_ui/selfservice/pkb/PublicKnowledgeSolution/d?orgId=00DE0000000IOFe&id=501E00000008sfG&retURL=%2Fsol%2Fpublic%2Fsolutionbrowser.jsp%3Fsearch%3DLync%26cid%3D000000000000000%26orgId%3D00DE0000000IOFe%26t%3D4&ps=1
