IMPORTANT: Before setting up SSO in BrainStorm, you must first configure your identity provider (IdP).
NOTE: For this set up, you will need to provide your organization's metadata using a URL (recommended) or an XML file.
Configuration Page (Required)
1. From the left sidebar, click the account settings icon at the bottom left, then select SSO.
2. Click the blue Add ID Provider button
3. Enter a name for your SSO Provider.
NOTE: This name will appear in your SSO settings
4. Select your SSO Provider from the drop down list
5. SSO Type will pre-fill if Microsoft Entra ID, ADFS, Okta, Google or SAML, is selected
NOTE: If "other" is selected, you will need to enter SSO Type
6. Add your SSO metadata, You may add this in one of two ways
- Attach the XML file from your provider by clicking Browse in the File field.
- Enter the metadata URL in the URL field. (Recommended)
NOTE : If you use a URL you have the option to automatically update your metadata. If selected, BrainStorm will check your SSO certificate nightly for imports. If an update or change is found it will be automatically imported into the BrainStorm platform.
7. Click Next
Attribute Mapping (Required)
1. Map SSO Information to System Field Name
NOTE: Microsoft Entra ID, Okta, Google, and ADFS will prefill. You will not need to change them, only verify them.
If using other IdP: Map your organization's SSO attributes to fields available in the BrainStorm platform.
First name, last name, and email address are required.
We recommend that you include job title and department.
2. Toggle on Update user info based on mapping
3. If using Microsoft Entra ID or ADFS (or other WS Federation SSO type) click FINISH
4. For Google or SAML IdP click Next
Miscellaneous
1. Omit Assertion Signation Check (Pre-configured ON)
If turned on, BrainStorm will not verify the signature in your SAML response
2. Use SiteMinder (Pre-configured OFF)
If you are using SiteMinder as the IdP, turn this option on.
3. Sign Request (Pre-Configured ON)
If turned on, BrainStorm will sign the request.
IMPORTANT:
4. Signing Certificate: From dropdown select auth.brainstorminc.com 2025 November certificate
BrainStorm's current certificate.
5. Signature Algorithm: (Pre-configured SHA256)
6. Force Auth (Pre-Configured OFF)
If turned on, BrainStorm will add a ForceAuthn attribute in the request from BrainStorm. However, whether this is used or not depends on your IdP. ForceAuth is a standard SAML attribute
7. Is Passive (Pre-Configured OFF)
If turned on, BrainStorm will add an isPassive attribute in the request from BrainStorm. As with Force Auth, whether this is used or not depends on your IdP. isPassive is a standard SAML attribute.
8. Response Encoding (Pre-configured UTF-8)
9. Certificate Validation (Pre-configured Selfsigned Certificate)
10. Click FINISH