BlueJeans

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) and user provisioning for BlueJeans.

About BlueJeans

BlueJeans provides cloud-based conferencing platform that allows large interactive events, deployment planning, training programs, and event assisting services.

After integrating BlueJeans with Oracle Identity Cloud Service:

  • Users can access BlueJeans using their Oracle Identity Cloud Service login credentials.
  • Users can launch BlueJeans using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the BlueJeans app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • A BlueJeans account with authorization rights to configure federated authentication and user provisioning.
  • Identity Provider metadata. You can use the following URL to access the metadata: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata and save the metadata in a text file. Use this file later to obtain the identity provider certificate in the "Obtaining the Identity Provider Certificate" section.

Prerequisite Step

A dedicated domain name is required before you can register and activate the BlueJeans app. You obtain that domain name from BlueJeans.

The BlueJeans domain name appears in the login URL: https://<Domain_Name>.bluejeans.com/ that you received in an email from BlueJeans.

Obtaining the Identity Provider Certificate

Use this section to obtain the Identity Provider Certificate in a format that is suitable for BlueJeans.

  1. Use the following URL to access the identity provider metadata: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata.

  2. In the metadata file, locate the dsig:X509Certificate tags.

  3. Copy the content between the dsig:X509Certificate tags into a text file. This content is the Oracle Identity Cloud Service signing certificate.

    Image img1.png displays the metadata content with md:IDPSSODescriptor and dsig:X509Certificate tags highlighted.

  4. Add -----BEGIN CERTIFICATE----- at the beginning of the content.

  5. Add -----END CERTIFICATE----- at the end of the content.

    Image img2.png displays the text file with the certificate content highlighted.

  6. Save the text file in .pem format. This is the identity provider certificate.

    Tip: Use this certificate later during BlueJeans SSO configuration in the "Configuring SSO for BlueJeans" section.

Configuring SSO for BlueJeans

  1. Access BlueJeans as an administrator using the URL: https://<Domain_Name>.bluejeans.com/. The BlueJeans home page appears.

  2. On the header menu, click ADMIN. The GROUP SETTINGS page appears.

  3. Click the SECURITY tab, use the table to update the federated authentication attributes under the Authentication Options section, and then locate and click SAVE CHANGES. A success message is displayed stating that the security settings is saved successfully.

    Attribute Settings
    SAML Single Sign On Select the option.
    Enable automatic provisioning Select the check box.
    Note: Administrators can not create users in BlueJeans after selecting the Enable automatic provisioning check box.
    Certificate Path Click CHOOSE FILE, and then upload the identity provider signing certificate that you obtained earlier by performing the steps in the "Obtaining the Identity Provider Certificate" section.
    Login URL Enter the Sign-in URL/SSO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso.
    Password Change URL Enter the Password Change URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.
    Logout URL Enter the Logout URL: https://<Domain_Name>.bluejeans.com/.
    RelayState Click Copy to clipboard and make note of the value. Use this RelayState value later during BlueJeans registration in Oracle Identity Cloud Service in the "Registering and Activating the BlueJeans App" section.
    Pick User Id from <saml2:NameID> element Select the check box.
    Email Enter Email.

    Note: Enabling SSO deactivates the ability to log in using the user name and password.

Obtaining Client ID and Client Secret

  1. On the GROUP SETTINGS page, locate and click the OAUTH ACCESS tab, and then click ADD NEW APP.

  2. Under the Create App section, enter your application Name and Description.

  3. Enter any random unique value as App Key, and then click SAVE. A success message is displayed stating that the OAuth app is created. The App Secret value is generated after entering the App Key value.

    Tip: While enabling user provisioning for the BlueJeans app in Oracle Identity Cloud Service, use the App Key and App Secret values as Client ID and Client Secret values respectively. See the "Enabling Provisioning" section.

Configuring BlueJeans in Oracle Identity Cloud Service

Use this section to register and activate BlueJeans, and to enable provisioning and synchronization for BlueJeans.

Registering and Activating the BlueJeans App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for BlueJeans, and then click Add.

  4. In the App Details section, enter your BlueJeans Application URL / Relay State, and then click Next.

    Note: This is the RelayState value that you obtained while performing the steps in the "Configuring SSO for BlueJeans" section.

  5. Click Next to enable provisioning and synchronization for BlueJeans. Oracle Identity Cloud Service displays the Provisioning page.

Enabling Provisioning and Synchronization for BlueJeans

Use this section to enable provisioning and synchronization for managing user accounts in BlueJeans through Oracle Identity Cloud Service.

Enabling Provisioning

  1. On the Provisioning page, select Enable Provisioning.

  2. Under the Configure Connectivity section, enter the Client ID.

    Note: This is the App Key value that you mentioned earlier while creating a new app. See the "Obtaining Client ID and Client Secret" section.

  3. Enter the Client Secret.

    Note: This is the App Secret value that you obtained while performing the steps in the "Obtaining Client ID and Client Secret" section.

  4. Click Test Connectivity. A success message is displayed stating that the connection is successful.

  5. To view predefined attribute mappings between the user account fields defined in BlueJeans and the corresponding fields defined in Oracle Identity Cloud Service, click Attribute Mapping, and then click OK.

    Note: To add a new attribute for provisioning, click Add Row, specify the attributes in the User and BlueJeans Account columns, and then click OK. For example, if you want to add the External ID field, enter $(user.externalId) in the User column, and then select the corresponding field from the drop-down list in the BlueJeans Account column.

  6. Specify the provisioning operations that you want to enable for BlueJeans:

    Note: By default, the Create Account, Update Account, and Delete Account check boxes are selected.

    Create Account: Automatically creates a BlueJeans account when BlueJeans access is granted to the corresponding user in Oracle Identity Cloud Service.

    Update Account: Automatically updates a BlueJeans account when the corresponding user account is edited in Oracle Identity Cloud Service.

    Delete Account: Automatically removes an account from BlueJeans when BlueJeans access is revoked from the corresponding user in Oracle Identity Cloud Service.

    Note: When a user assigned to BlueJeans is revoked in the Users tab of Oracle Identity Cloud Service, the user is no more assigned to BlueJeans in Oracle Identity Cloud Service and is removed from the BlueJeans app. The same user can not be created again in the BlueJeans app and can not be assigned to BlueJeans under the Users tab of Oracle Identity Cloud Service. However, the user can be retrieved by contacting the BlueJeans support team and raising a ticket. To access the BlueJeans support page, visit https://support.bluejeans.com/.

Enabling Synchronization

  1. On the Provisioning page, select Enable Synchronization.

  2. From the User Identifier drop-down list, select the Oracle Identity Cloud Service user attribute that you want to match with the corresponding record fetched from BlueJeans:

    Note: By default, the Primary Email Address option is selected from the drop-down list. It is recommended to leave this default attribute for accurate synchronization of user records.

    Primary Email Address: Primary email address of the Oracle Identity Cloud Service user.

    User Name: User name of the Oracle Identity Cloud Service user.

  3. To match a BlueJeans account attribute with the existing Oracle Identity Cloud Service user, select an attribute from the Application Identifier drop-down list.

    Note: By default, the Email option is selected. It is recommended not to change this default option.      

  1. From the When exact match is found drop-down list, select one of the following actions to be performed when a matching Oracle Identity Cloud Service user is found for an account:

    Link and confirm: Automatically links and confirms the matched account to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields. 

    Link but do not confirm: Automatically links all the matched accounts to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields. You need to manually confirm the linked accounts. 

  2. In the Max. number of creates field, enter a number that is greater than or equal to 10. This value limits the number of accounts to be created during the synchronization run.

  3. In the Max. number of deletes field, enter a number that is greater than or equal to 10. This value limits the number of accounts to be deleted during the synchronization run.

    After enabling provisioning and synchronization for BlueJeans, you can synchronize the existing account details from BlueJeans and link them to the corresponding Oracle Identity Cloud Service users. For more information on performing synchronization tasks, see the Importing User Accounts from a Software as a Service Application section in Administering Oracle Identity Cloud Service.

    You can also manage BlueJeans accounts through Oracle Identity Cloud Service. For more information on performing provisioning tasks, see the Managing Oracle Identity Cloud Service Users and Managing Oracle Identity Cloud Service Groups sections in Administering Oracle Identity Cloud Service.

  4. Click Finish, and Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP initiated SSO) and BlueJeans (SP initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the BlueJeans app. Oracle Identity Cloud Service displays a shortcut to BlueJeans under My Apps.

  3. Click BlueJeans. The BlueJeans home page appears.

    Note: When the user initiates SSO for the first time, the Welcome to BlueJeans! pop-up window appears. Fill in the required information and click CONTINUE. The BlueJeans home page appears.

  4. In the upper-right corner of the header menu, click the user icon, and then confirm that the user that is logged in is the same for both BlueJeans and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from BlueJeans

  1. Access BlueJeans using the URL: https://<Domain_Name>.bluejeans.com/, and then click LOGIN. You are redirected to the Oracle Identity Cloud Service login page.

  2. Log in using credentials for a user that is assigned to the BlueJeans app. The BlueJeans home page appears.

    Note: When the user initiates SSO for the first time, the Welcome to BlueJeans! pop-up window appears. Fill in the required information and click CONTINUE. The BlueJeans home page appears.

  3. In the upper-right corner of the header menu, click the user icon, and then confirm that the user that is logged in is the same for both BlueJeans and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from BlueJeans works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service BlueJeans app and BlueJeans is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select BlueJeans.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the BlueJeans app using Oracle Identity Cloud Service.

Solution 2:

  • Contact the BlueJeans support team and raise a ticket to retrieve the user. To access the BlueJeans support page, visit https://support.bluejeans.com/.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.