BrainStorm is compatible with Microsoft Entra ID using the BrainStorm Platform SSO Application available within Microsoft's Enterprise applications. 



1. Log in to the Microsoft 365 Admin center and select Microsoft Entra ID.

2. Select Enterprise applications.



3. From the top, click New Application.



4. Using the search box at the top, enter BrainStorm Platform, then click the BrainStorm Platform tile.



5. Click Create at the bottom.


6. Once the app is added, a new BrainStorm Overview screen appears. Click Single sign-on from the left sidebar.



7. Select SAML as the single sign-on method.



8. Locate Basic SAML Configuration and click Edit.



9. Copy and paste the following entries:

Identifier (Entity ID):

urn:brainstorminc:auth:wsfed


Hint: This Entity ID is preconfigured, but you will need to copy and paste it into the field for the completed checkmark to appear.


Reply URL:

https://auth.brainstorminc.com/signin-wsfed


Sign on URL:

https://auth.brainstorminc.com/auth/wsfed?providerId=ABC


IMPORTANT! You will replace "ABC" in "providerId=ABC" above with your BrainStorm SSO ID.

Your BrainStorm SSO ID is found in the URL of the Configure page in the BrainStorm platform once your SSO setup is completed (see step 16 below).


10. Click to return to the Set Up Single Sign-On with SAML page.


11. In section 3 locate the Signing Certificate to access the App Federation Metadata. You have two options:

  • (Recommended) Copy the URL (You will use this in just one moment)
    NOTE: If you use this copy of the URL you will not need to update the metadata later when it expires. BrainStorm will look for and update the metadata as needed.

    OR

  • Click the Download link next to Federation Metadata XML





12. In the Attributes & Claims section there is nothing you will need to do. You will see the SAML token attributes preconfigured for givenname, surname, emailaddress, name (UPN), title, department.

13. Click Properties and set Assignment Required to Yes or No.

  • No (recommended): Any user in your Microsoft AD can access the application and authenticate.

  • Yes: Users must be assigned to the application before they can authenticate and access. (see step 15 below)


14. Click Save.

15. Skip this step if you selected No for Assignment Required (step 13 above).  If you selected Yes for Assignment Required: 

  • Click Users and groups.
  • Click Add user/group.
  • Click users or groups in the Add Assignment dialog.
  • Within the dialog, search for the user/group that you wish to assign to the BrainStorm application.
  • Select and assign the user/group to be added. Repeat as needed.



STOP

You will now need to go into the BrainStorm Admin portal (https://admin.brainstorminc.com) to configure SSO there and to obtain the Provider ID.


16. In the BrainStorm Admin portal click the account settings icon at the bottom left, then select SSO


17. Click the Add ID Provider button in the right corner

18. Name your SSO provider. This name will appear in your SSO settings

19. In the SSO Identity Provider (IdP) section > Select Microsoft Entra ID from the drop-down list

20. In the URL section input your metadata previously copied > Click Insert

21. Toggle on to Automatically update Metadata

22. Click NEXT

23. On the Attribute Mapping page verify attributes are correct

24. Toggle on Update user info based on mapping

25. Click Save Changes

26. Click on the name of the SSO that you just configured

27. Locate the Provider ID in the URL. This will be your BrainStorm SSO ID needed in your Microsoft Entra ID configuration.



STOP


28. Go back into your BrainStorm app within your Entra ID

29. In the Basic SAML Configuration section click Edit

30. Edit the Sign on URL to have the correct Provider ID (remove the ABC and add the Provider ID from step 27 above)

31.  Click SAVE
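
A check for the values entered in steps 9 and 30, as an added example that is not part of the BrainStorm or Microsoft documentation. The function name `check_saml_config` is hypothetical; the expected values are the ones given in step 9, and the check flags a Sign on URL that still carries the ABC placeholder or was pasted with stray whitespace.

```python
from urllib.parse import urlsplit, parse_qs

# Values from step 9 of this guide.
ENTITY_ID = "urn:brainstorminc:auth:wsfed"
REPLY_URL = "https://auth.brainstorminc.com/signin-wsfed"
SIGN_ON_HOST = "auth.brainstorminc.com"
SIGN_ON_PATH = "/auth/wsfed"
PLACEHOLDER = "ABC"  # the guide's stand-in for the real Provider ID


def check_saml_config(entity_id, reply_url, sign_on_url):
    """Return a list of problems; an empty list means the values match the guide."""
    problems = []
    for label, value in (("Identifier", entity_id), ("Reply URL", reply_url),
                         ("Sign on URL", sign_on_url)):
        if value != value.strip():
            problems.append(f"{label}: leading or trailing whitespace from copy and paste")
    if entity_id.strip() != ENTITY_ID:
        problems.append("Identifier: does not match the Entity ID from step 9")
    if reply_url.strip() != REPLY_URL:
        problems.append("Reply URL: does not match the Reply URL from step 9")

    url = urlsplit(sign_on_url.strip())
    if url.scheme != "https":
        problems.append("Sign on URL: scheme must be https")
    if url.hostname != SIGN_ON_HOST or url.path != SIGN_ON_PATH:
        problems.append("Sign on URL: host or path differs from step 9")
    # parse_qs drops empty values, so "providerId=" counts as missing.
    ids = parse_qs(url.query).get("providerId", [])
    if len(ids) != 1:
        problems.append("Sign on URL: expected exactly one providerId parameter")
    elif ids[0] == PLACEHOLDER:
        problems.append("Sign on URL: providerId is still the ABC placeholder (step 30)")
    return problems


if __name__ == "__main__":
    # Constructed sample: the values as pasted in step 9, before step 30 is done.
    for problem in check_saml_config(
        ENTITY_ID, REPLY_URL,
        "https://auth.brainstorminc.com/auth/wsfed?providerId=ABC",
    ):
        print(problem)
```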


You can now test your SSO setup by logging in to the BrainStorm admin (https://admin.brainstorminc.com) or the end-user portal (https://app.brainstorminc.com).