BlueJeans 3.0 loses Single Sign on with upgrade!

  • 2
  • Problem
  • Updated 2 years ago
The previous version had a single sign on link when joining from a browser. The new version (3.0) does not. Organizations with SSO configured are now required to select sign on, enter an email address, check the box and select sign on. This is not the same as the one click experience before and is unfortunate that this was missed with the migration. Please make plans to bring this back ASAP.
Photo of Chad Tuttle

Chad Tuttle

  • 234 Points 100 badge 2x thumb
  • upset

Posted 3 years ago

  • 2
Photo of Peter Verwayen - Director, Product

Peter Verwayen - Director, Product, Official Rep

  • 412 Points 250 badge 2x thumb
Hi Chad,

Blue Jeans 3.0 fully supports SSO, we just changed the log-in flow.  We do agree that the overall flow can be optimized and you will see an improvement in Q4; however, we will continue to follow the de facto industry standard for SP-initiated authentication via SAML by 1) asking for email, 2) looking up the user authentication type (basic or SAML), then 3) forwarding to the IdP or prompting for password (based on auth type).
Photo of Chad Tuttle

Chad Tuttle

  • 234 Points 100 badge 2x thumb
Thank you looking for ways to make it like it was before.
Photo of Craig Ernst

Craig Ernst, Champion

  • 2,458 Points 2k badge 2x thumb
Chad, thank you for sharing this. Our account hasn't been upgraded yet, but this is concerning. Sounds like a case of it wasn't broke so why did you fix it. Can you share with me screen shots of what you're seeing? If this changes as you describe I'm going to be extremely disappointed. Thank you!
Photo of Peter Verwayen - Director, Product

Peter Verwayen - Director, Product, Official Rep

  • 412 Points 250 badge 2x thumb
Blue Jeans set out to solve several issues with this new log-in flow:

1.) The majority of end users don’t understand what “SSO” or “Single Sign On” is

The following interface is what the previous join flow presents to users when joining a meeting:


The options presented to users were not clear and they didn’t know the difference between logging in with a Blue Jeans account or an SSO account.  If your users are not tripped up by this interface, you're not the norm.

Here is the new flow:


The new flow is improved to simply ask the user for his or her email address.  Users don't have to know that they are SSO users and they don't have to know they are using a Blue Jeans password.  It is by far simpler for end users and the majority agrees.

2.) Not every user authenticates against the same Identity Provider

We have many customers that have multiple Identity Providers (acquisitions and etc.).  The current join flow assumes that you are authenticating against the Identity Provider the Moderator is using.

In the future, we will be adding group-level configurations which will also support mapping users to their associated IdP.  If we don't change to this new, modern SSO flow, this highly desirable administrative capability will break everything.

3.) Blue Jeans values consistency across all clients

One of the main benefits of the Blue Jeans service is interoperability.  From a usability perspective, interoperability can easily work against you with the end user, who doesn’t see the benefits, like you do.  One way we plan to solve this is to ensure that every workflow is consistent across devices.  The log-in flow for the iOS app should be the same as the Blue Jeans web app, desktop app, and etc.  We are in the process of making this happen, and the new join flow is part of that.

When considering the task of making the flow consistent across all devices, you have to consider our apps, extensions and plugins.  For instance, the Blue Jeans mobile and desktop apps allow logging in to persist identity, allowing users to join meetings many times without having to identify themselves.  When doing this, there is no context as to which meeting you are joining, therefore no way to know which identity provider to pass the user to.  The user has to provide a username or email for us to know where to send them to log in.  This is especially the case for our Outlook Plugin and Chrome/Safari Extensions.  

Soon, our Marketing website will offer a similar log-in flow and everything will be consistent.
Photo of Scott Bowers

Scott Bowers

  • 162 Points 100 badge 2x thumb
It seems that you guys have done a good job in unifying the SSO log in experience across many of your clients; desktop apps, mobile clients, Outlook add-in, etc. The last pain point that we're having is users getting confused when they try to log in to their accounts via the main bluejeans.com page. Of course it works fine if they go to our enterprise landing page, but we have a steady flow of complaints from users on this inconsistency.

Is there any plans to sew up this last piece and have the main page recognize an email address attached to an SSO account and then send auth to the right place?
Photo of Adam Saunders

Adam Saunders

  • 264 Points 250 badge 2x thumb
The final sentence in this article is the killer, "Soon, our Marketing website will offer a similar log-in flow and everything will be consistent."

Most users in our company simply types www.bluejeans.com and try to login. It's your main website, not just your "marketing website". You need to fix this ASAP!
Photo of Craig Ernst

Craig Ernst, Champion

  • 2,458 Points 2k badge 2x thumb
Perhaps we are out of the norm then. We have our own enterprise landing page that we've always directed our users to for logging into their SSO (SAML) account. https://uwec.bluejeans.com

What this last post by Peter looks like is people finding SSO when just going directly into a meeting and logging in?

How will our landing page change with the 3.0 upgrade if at all? Perhaps this is moot then?
Photo of Peter Verwayen - Director, Product

Peter Verwayen - Director, Product, Official Rep

  • 412 Points 250 badge 2x thumb
Hi Craig,

You are correct.  The landing page will go unchanged in the 3.0 release, and will likely be the only log-in flow that stays the way it is over time.  The changes that are referenced in this thread are strictly related to the process of joining a meeting.
Photo of Adam Saunders

Adam Saunders

  • 264 Points 250 badge 2x thumb
The SSO process is not thoroughly thought through. When I go to BlueJeans.com and click "Login" I should be directed to the SSO login page for my organization. Instead, my users can not login using their SSO credentials because the login is a dropdown and not a redirect to a login page. Please fix this flow ASAP. This is a major annoyance for our users.
Photo of Chad Tuttle

Chad Tuttle

  • 234 Points 100 badge 2x thumb
Is there any progress on improving the sign on?
We have dozens of single sign-on agreements with third parties and BlueJeans is the only one that makes internal users enter their credentials.