When your CRM, website builder, HR tools, and learning platform live under one roof, logging in separately to each one defeats the purpose. Bluefie uses single sign-on (SSO) across all subdomains so your team logs in once and accesses everything.
How It Works
Each Bluefie organization has a primary subdomain (e.g., acme.bluefie.com). From there, apps like:
- crm.bluefie.com
- learn.bluefie.com
- people.bluefie.com
…all share the same authentication context. When you sign in on one, you're signed in on all.
The Technical Approach
We use a shared cookie domain (.bluefie.com) for the session token. When you authenticate on any subdomain, the cookie is set at the root domain level. Subsequent requests to other subdomains automatically include that cookie, so no second login is required.
Key details:
- Secure and HttpOnly – The session cookie cannot be read by JavaScript and is only sent over HTTPS
- SameSite – Prevents cross-site request forgery while allowing subdomain sharing
- Short-lived tokens – Sessions expire after a configurable period; refresh tokens extend access without re-entering credentials
What Your Team Experiences
- First visit – User goes to
crm.bluefie.com, enters credentials, and signs in - Navigate to another app – User clicks through to
learn.bluefie.comand is already logged in - Role-based access – Permissions are enforced per app. A user might have CRM access but not HR access, all from the same session
Benefits Beyond Convenience
- Fewer password resets – One login means fewer credentials to manage
- Centralized deprovisioning – When someone leaves, you revoke access in one place and they're logged out everywhere
- Audit trails – Login events and session activity are logged across all apps for compliance and security
SSO across subdomains is one of the ways Bluefie removes friction so your team can focus on work instead of tool-hopping.