Blue Jeans 3.0 fully supports SSO, we just changed the log-in flow. We do agree that the overall flow can be optimized and you will see an improvement in Q4; however, we will continue to follow the de facto industry standard for SP-initiated authentication via SAML by 1) asking for email, 2) looking up the user authentication type (basic or SAML), then 3) forwarding to the IdP or prompting for password (based on auth type).
1.) The majority of end users don’t understand what “SSO” or “Single Sign On” is
The following interface is what the previous join flow presents to users when joining a meeting:
The options presented to users were not clear and they didn’t know the difference between logging in with a Blue Jeans account or an SSO account. If your users are not tripped up by this interface, you're not the norm.
Here is the new flow:
The new flow is improved to simply ask the user for his or her email address. Users don't have to know that they are SSO users and they don't have to know they are using a Blue Jeans password. It is by far simpler for end users and the majority agrees.2.) Not every user authenticates against the same Identity Provider
We have many customers that have multiple Identity Providers (acquisitions and etc.). The current join flow assumes that you are authenticating against the Identity Provider the Moderator is using.
In the future, we will be adding group-level configurations which will also support mapping users to their associated IdP. If we don't change to this new, modern SSO flow, this highly desirable administrative capability will break everything.3.) Blue Jeans values consistency across all clients
One of the main benefits of the Blue Jeans service is interoperability. From a usability perspective, interoperability can easily work against you with the end user, who doesn’t see the benefits, like you do. One way we plan to solve this is to ensure that every workflow is consistent across devices. The log-in flow for the iOS app should be the same as the Blue Jeans web app, desktop app, and etc. We are in the process of making this happen, and the new join flow is part of that.When considering the task of making the flow consistent across all devices, you have to consider our apps, extensions and plugins. For instance, the Blue Jeans mobile and desktop apps allow logging in to persist identity, allowing users to join meetings many times without having to identify themselves. When doing this, there is no context as to which meeting you are joining, therefore no way to know which identity provider to pass the user to. The user has to provide a username or email for us to know where to send them to log in. This is especially the case for our Outlook Plugin and Chrome/Safari Extensions.
Soon, our Marketing website will offer a similar log-in flow and everything will be consistent.
What this last post by Peter looks like is people finding SSO when just going directly into a meeting and logging in?
How will our landing page change with the 3.0 upgrade if at all? Perhaps this is moot then?