Barco search

    Products
    Solutions
    Back

    Products & solutions

    Products
    1. Medical displays
      Back

      Products & solutions

      Medical displays
      1. All-in-one displays
      2. Breast imaging displays
      3. Clinical review displays
      4. Custom medical solutions
      5. Dental displays
      6. Digital pathology displays
      7. Healthcare software
      8. Medical display controllers
      9. Radiology displays
      10. Surgical displays
    2. Digital operating room
      Back

      Products & solutions

      Digital operating room
      1. Medical device management
      2. Surgical collaboration
    3. Services
      Back

      Products & solutions

      Services
      1. Enterprise services
      2. Entertainment services
      3. Healthcare services
    4. ClickShare
      Back

      Products & solutions

      ClickShare
      1. Video bars for wireless collaboration
      2. Wireless conferencing
      3. Wireless presentation
    5. Projection
      Back

      Products & solutions

      Projection
      1. Installation projectors
      2. Rental projectors
      3. Simulation projectors
    6. Image processing
      Back

      Products & solutions

      Image processing
      1. Event master
      2. Screen management
    7. Cinema systems
      Back

      Products & solutions

      Cinema systems
      1. Cinema projectors
      2. Home cinema projectors
      3. Laser light upgrade
      4. Media servers & audio
      5. Cinema screens
    8. Video walls
      Back

      Products & solutions

      Video walls
      1. Controllers
      2. LCD video walls
      3. LED video walls
      4. Rear-projection video walls
    9. Control room software
      Back

      Products & solutions

      Control room software
      1. Barco CTRL
      2. OpSpace
      3. TransForm N
    10. Immersive systems
      Back

      Products & solutions

      Immersive systems
      1. Canvas
      2. Caves
      3. Powerwalls
    Solutions
      1. 3D visualization
      2. Cinema
      3. Control rooms
      4. Home entertainment
      5. Live events
      6. Medical imaging & workflows
      7. Projection mapping
      8. Simulation & training solutions
      9. Television studio
      10. Themed entertainment
      11. Workplace
    Back

    Inspiration

      1. News & Insights
      2. Customer stories
      3. Events
    Back

    Contact

      1. Where to buy
      2. Office locator
      3. Contact us
    Back

    Support

      1. Support
      2. Knowledge base
      3. Training & certification
    Back

    About Barco

      1. Barco 90 years
      2. This is Barco
      3. Investor relations
      4. Jobs
      5. Press releases
      6. Sustainability
      7. Worldwide offices
      8. Trust center
      9. Corporate governance
      10. Experience Center
      11. Patents
      12. Brand resources
    Back

    Partners

      1. Resellers & system integrators
      2. Alliance partners
      3. Consultants
      4. Suppliers
      5. Why become a partner?

    Quick start guide for Barco Single Sign-on

    Article number: [1869] - Legacy code: [12591]

    Applicable to

    The Single Sign-On (SSO) feature of Barco Management Suite (BMS) allows Account administrators to configure and enable/disable single sign-on for one of the claimed domains (e.g. example.com) of the Account.

    We support the following SSO protocols:

    • OpenID Connect v1.0 (OIDC)
    • SAML v2.0
    Warning! For security reasons, we require that there is at least one Account administrator that uses the standard Barco ID provider, i.e. not Single Sign-On.
    Info! You'll need to be an Account administrator (which is different from an Application administrator).
    To become an Account administrator, you will need to either verify your access on your email domain or request access from an existing administrator (how to: see KB 10353).
    When you don't know the administrator of your Account, please create a support ticket to find this out, see KB 6024 for details.

     

    Content

    1. First time Single Sign-on configuration
    2. Migrate Users
    3. Update configuration
    4. Deactivate configuration
    5. Remove configuration
    6. FAQ's

     

    A. First-time configuration

    First-time configuration depends on the SSO protocols used. Use the links below to jump to the respective section.

    1. OpenID Connect v1.0 (OIDC)
    2. SAML v2.0

    A.1 First time configuration with OpenID Connect v1.0 (OIDC)

    We assume that you have an existing application on your IDP.

    To complete the OpenID Connect configuration, you'll need to follow the next 5 steps.

    1. Start the Single sign-on configuration for the domain in BMS.
    2. Configure the application on your IDP.
    3. Complete the Single sign-on configuration  in BMS using your IDP Application Secret and Client ID.
    4. Activate the Single sign-on settings  in BMS.
    5. Migrate the users  through BMS.

    These steps are explained in more detail below.
     

    A.1.1. Start the Single sign-on configuration

    1. Navigate to the Single sign-on settings page on Barco Management Suite.
    2. Select protocol as OpenID Connect v1.0
    3. Copy and save the Redirect URI.

    A.1.2. Configure the application

    In this step, we configure the application in your IDP to allow your users access to Barco Single sign-on.

    • Use the Redirect URI from BMS in your IDP Application.
    • Create and save the Application Secret on your IDP and Application Client ID.

    Example: read [KB 1865] for an example of how to configure this in the Azure portal.

    A.1.3. Complete the Single sign-on configuration

    1. For Discovery URI enter the OpenID configuration endpoint defined by your IDP.
    2. Optionally, add your scopes to the Scope field, without removing 'openid'.
    3. Add the Client ID and Secret from your IDP application.
    4. Optionally, change the Claims when you've specified your own.
    5. Save this configuration by clicking on Save.
    image.pngimage.png

    A.1.4. Activate the Single sign-on settings

    After you've completed the previous step, the Status for your domain shows as ‘Configured’ with the Protocol as ‘OpenID Connect v1.0’.

    To activate Single sign-on for the domain, click on the Enable Single sign-on menu option.

    A confirmation dialog will pop up and then you may click on Enable after reading the impact of this action in the dialog description.

    The Status for your domain is now ‘Single Sign-on enabled’.

    A.1.5. Migrate the users

    See migrate users .


     

    A.2 First-time configuration with SAML v2.0

    We assume that you have an existing application on your IDP.

    To complete the SAML configuration, you'll need to follow the next 6 steps.

    1. Start configuring the application on your IDP
    2. Start the Single Sign-on configuration on BMS
    3. Complete configuration on your IDP
    4. Complete configuration on BMS
    5. Activate the Single Sign-on settings
    6. Migrate the users

    These steps are explained in more detail below.
     

    A.2.1 Start configuring the application on your IDP

    In this step, we configure the application on your IDP for SAML-based Single Sign-on.

    • Select the Single Sign-on mode as SAML
    • Get the federation metadata file for this application

    Examples:

    1. Read [KB 1865] for an example on how to configure this in the Azure portal
    2. Read [KB 7268] for an example on how to configure this with ADFS.
    3. Read [KB 1869] for an example on how to configure this with okta.com.

    A.2.2 Start the Single Sign-on configuration on BMS

    1. Navigate to the Single Sign-on settings page on Barco Management Suite
    2. Select protocol as SAML v2.0
    3. For Your metadata, select the federation metadata file obtained from your IDP & click Upload.
    4. After the metadata has been uploaded, download the Barco metadata file by clicking the download button.

    Note: If the Barco metadata doesn’t start downloading, you may need to check your browser settings.

    A.2.3 Complete configuration on your IDP

    In this step, you need to use the Barco metadata file obtained from BMS to complete configuring the application on your IDP.

    A.2.4 Complete configuration on BMS

    After the configuration in IDP is completed, we will complete the configuration on BMS.

    1. Set the Signing algorithm under SAML certificate, according to the configuration on your IDP.
    2. Optionally, change the Assertions for EmailFirst name or Last name.
    3. Save this configuration by clicking on Save.

    kb1869_01.png

    A.2.5 Activate Single Sign-on settings

    After you've completed the previous step, the Status for your domain now shows as ‘Configured’ with the Protocol as ‘SAML v2.0’

     

    To activate Single sign-on for the domain, click on the Enable Single sign-on menu option.

    A confirmation dialog will pop up and then you may click on Enable after reading the impact of this action in the dialog description.

    A.2.6 Migrate the users

    See migrate users.

     

    B. Migrate Users

    When you have successfully activated Single sign-on for your domain, you can migrate users from a Barco login to a single sign-on-based login.

    1. Navigate to User Management → Internal users page.

    2. For the users with ID Type as 'Barco ID', click on options → Switch to Single sign-on ID.

    Warning! For security reasons, we require that there is at least one Account administrator that uses the standard Barco ID provider, i.e. not Single Sign-On.

     

    C. Update configuration

    1. General Instructions
    2. Update Secret for OpenID Connect
    3. Change Single Sign-on protocol
    4. Update SAML v2.0 Metadata

    C.1 General Instructions

    To update the Single sign-on configuration on your domain, follow these next 4 steps:

    1. Navigate to the Single Sign-on settings page on Barco Management Suite
    2. From the options menu for the domain, click on Edit Single sign-on settings.
    3. Wait for some time until the page is loading, then edit the settings you want to update.
    4. Click Save.

     

    C.2 Update Secret for OpenID Connect

    To update the Secret for your OpenID Connect configuration, follow these next 4 steps:

    1. After following General instruction steps 1 - 3, scroll to Secret.
    2. Click on the Edit button.
    3. Add the updated value.
    4. Click on the Save ((tick)) button.

    image.png
    image.png
     

    C.3 Change Single Sign-on protocol

    BMS allows to change the Single Sign-on Protocol, even if the domain is 'Configured' or 'Single sign-on enabled'. However, changing the protocol removes the current configuration which may impact single sign-on users.

    To change the Single Sign-on protocol for the domain, you'll need to follow these steps:

    1. Navigate to the Single Sign-on settings page on Barco Management Suite
    2. From the options menu for the domain, click on Edit Single sign-on settings.
    3. Wait for the page to load, then select the Protocol menu and choose the single sign-on method you want to use.
    4. If single sign-on is enabled for your domain, a confirmation dialog will pop up. Click on Yes, if you understand the impact.
    5. Follow the instructions for First-time configuration for the selected protocol.

     

    C.4 Update SAML v2.0 Metadata

    To update the SAML Metadata file for Single sign-on configuration, follow these steps:

    1. Follow general instructions (steps 1-3).
    2. Click the folder icon to open File Explorer and select the new metadata file that you want to use.
    3. After selection, a warning appears on updating metadata. Click Upload.
    4. Metadata file has been updated successfully.

     

    D. Deactivate configuration

    Deactivating configuration for a domain does not remove its Single sign-on settings.

    1. To deactivate the Single Sign-on configuration for a domain, navigate to the Single Sign-on page on BMS.
    2. Click on Disable Single sign-on menu option.
    3. A confirmation dialog will pop up and then you may click on Disable after reading the impact of this action.
    4. This sets the Status of the domain to 'Configured'.

     

    E. Remove configuration

    Removing configuration for a domain also deactivates Single sign-on for the domain users. To use Single sign-on after the configuration has been removed, go through the steps for First-time configuration to set it up again.

    1. To remove the Single Sign-on configuration for a domain, navigate to the Single Sign-on page on BMS.
    2. Click on Delete Single sign-on settings menu option.
    3. A confirmation dialog will pop up and then you may click on Delete after reading the impact of this action.
    4. Single sign-on for this domain is deactivated and the configuration is removed. The Status for the domain is 'Not configured'.

     

    F. FAQ's

    Properties

    Last updated Mar 29, 2024

    No solution found?

    Phone support

    Our helpdesk provides you with prompt phone support. A team of experienced support engineers is at your service for any professional assistance.

    Get support
    Phone support

    Our helpdesk provides you with prompt phone support. A team of experienced support engineers is at your service for any professional assistance.

    Get support

    No solution found?

    Phone support

    Our helpdesk provides you with prompt phone support. A team of experienced support engineers is at your service for any professional assistance.

    Get support
    Phone support

    Our helpdesk provides you with prompt phone support. A team of experienced support engineers is at your service for any professional assistance.

    Get support