BrainStorm is compatible with Microsoft Entra ID using the BrainStorm Platform SSO Application available within Microsoft's Enterprise applications.
1. Log in to the Microsoft 365 Admin center and select Microsoft Entra ID.
2. Select Enterprise applications.
3. From the top, click New Application.
4. Using the search box at the top, enter BrainStorm Platform, then click the BrainStorm Platform tile.
5. Click Create at the bottom.
6. Once the app is added, a new BrainStorm Overview screen appears. Click Single sign-on from the left sidebar.
7. Select SAML as the single sign-on method.
8. Locate Basic SAML Configuration and click Edit.
9. Copy and paste the following entries:
Identifier (Entity ID):
urn:brainstorminc:auth:wsfed
Hint: This Entity ID is preconfigured, but you will still need to copy and paste it into the field so that the completed checkmark appears.
Reply URL:
https://auth.brainstorminc.com/signin-wsfed
Sign on URL:
https://auth.brainstorminc.com/auth/wsfed?providerId=ABC
IMPORTANT! You will use your BrainStorm SSO ID in place of the "ABC" in "providerId=ABC" above.
You will find your BrainStorm SSO ID in the URL of the Configure page in the BrainStorm platform once SSO setup there is complete (see step 16 below).
10. Click X to return to the Set Up Single Sign-On with SAML page.
11. In section 3 locate the Signing Certificate to access the App Federation Metadata. You have two options:
- (Recommended) Copy the URL (you will use this in just a moment).
NOTE: If you use the URL, you will not need to update the metadata later when it expires. BrainStorm will look for and update the metadata as needed.
OR - Click the Download link next to Federation Metadata XML.
12. In the Attributes & Claims section there is nothing you will need to do. You will see the SAML token attributes preconfigured for givenname, surname, emailaddress, name (UPN), title, department.
13. Click Properties and set Assignment Required to Yes or No.
No (recommended): Any user in your Microsoft AD can access the application and authenticate.
Yes: Users must be assigned to the application before they can authenticate and access it (see step 15 below).
14. Click Save.
15. Skip this step if you selected No for Assignment Required (step 13 above). If you selected Yes for Assignment Required:
- Click Users and groups.
- Click Add user/group.
- Click users or groups in the Add Assignment dialog.
- Within the dialog, search for the user/group that you wish to assign to the BrainStorm application.
- Select and assign the user/group to be added. Repeat as needed
STOP
You will now need to go into the BrainStorm Admin portal (https://admin.brainstorminc.com) to configure SSO there and to obtain the Provider ID.
16. In the BrainStorm Admin portal click the account settings icon at the bottom left, then select SSO
17. Click the Add ID Provider button in the right corner
18. Name your SSO provider. This name will appear in your SSO settings
19. In the SSO Identity Provider (IdP) section > Select Microsoft Entra ID from the drop-down list
20. In the URL section, enter the metadata URL you copied earlier, then click Insert
21. Toggle on Automatically update Metadata
22. Click NEXT
23. On the Attribute Mapping page verify attributes are correct
24. Toggle on Update user info based on mapping
25. Click Save Changes
26. Click on the name of the SSO that you just configured
27. Locate the Provider ID in the URL. This will be your BrainStorm SSO ID needed in your Microsoft Entra ID configuration.
STOP
28. Go back into your BrainStorm app within your Entra ID
29. In the Basic SAML Configuration section click Edit
30. Edit the Sign on URL to have the correct Provider ID (remove the ABC and add the Provider ID from step 27 above)
31. Click SAVE
You can now test your SSO setup by logging in to the BrainStorm Admin portal (https://admin.brainstorminc.com) or the end-user portal (https://app.brainstorminc.com).
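Before testing, the three Basic SAML Configuration values from step 9 can be checked offline, including the case where the placeholder providerId=ABC was never replaced (step 30). This is an added example, not BrainStorm or Microsoft code; the function name and the provider ID in the demo are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Values taken from step 9 of this page.
EXPECTED_ENTITY_ID = "urn:brainstorminc:auth:wsfed"
EXPECTED_REPLY_URL = "https://auth.brainstorminc.com/signin-wsfed"
SIGN_ON_HOST = "auth.brainstorminc.com"
SIGN_ON_PATH = "/auth/wsfed"
PLACEHOLDER_PROVIDER_ID = "ABC"  # the page's placeholder, replaced in step 30


def check_basic_saml_config(entity_id, reply_url, sign_on_url):
    """Hypothetical helper: return a list of problems (empty list = values match the page)."""
    problems = []
    if entity_id.strip() != EXPECTED_ENTITY_ID:
        problems.append("Identifier (Entity ID) differs from the documented value")
    if reply_url.strip() != EXPECTED_REPLY_URL:
        problems.append("Reply URL differs from the documented value")

    parts = urlsplit(sign_on_url.strip())
    if parts.scheme != "https":
        problems.append("Sign on URL must use https")
    # Compare the full netloc so an added port or user@host prefix is rejected.
    if parts.netloc.lower() != SIGN_ON_HOST or parts.path != SIGN_ON_PATH:
        problems.append("Sign on URL host or path differs from the documented value")
    # parse_qs drops empty values, so "providerId=" yields no entries.
    ids = parse_qs(parts.query).get("providerId", [])
    if len(ids) != 1 or not ids[0].strip():
        problems.append("Sign on URL needs exactly one non-empty providerId")
    elif ids[0] == PLACEHOLDER_PROVIDER_ID:
        problems.append("providerId is still the placeholder ABC (see step 30)")
    return problems


if __name__ == "__main__":
    # Constructed sample: the Sign on URL as it looks before step 30 is done.
    for problem in check_basic_saml_config(
        "urn:brainstorminc:auth:wsfed",
        "https://auth.brainstorminc.com/signin-wsfed",
        "https://auth.brainstorminc.com/auth/wsfed?providerId=ABC",
    ):
        print("FAIL:", problem)
```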