BrainStorm supports Google SSO using a custom SAML app.  The following attribute fields are available in the BrainStorm platform:

  • Email (required)
  • First Name (required)
  • Last Name (required)
  • Company
  • Department
  • Title


Although Company, Department, and Title are optional, we recommend that you include these attributes for your users.


NOTE: Your SSO Provider can allow BrainStorm access to all of your users or it can restrict access to specific users.  This behavior is determined by the configuration within your SSO Provider, not by BrainStorm.  Some SSO Providers restrict access by default.



NOTE: SSO is not enabled until both the Google admin console configuration and the BrainStorm configuration are complete.


1. Log in to the Google Admin Console as a Google Super Administrator.


2. Choose Apps > Web and mobile apps from the menu on the left.




3. Choose Add App > Add custom SAML app from the top drop-down menu.




4. Download the BrainStorm logo here.


5.  Enter BrainStorm in the App name field.


6. Click the camera icon.



7.  Navigate to the BrainStorm logo downloaded earlier.


8.  Click Continue.


9.  On the next screen, click Download Metada.


NOTE: This will be added in the BrainStorm Admin Console later.



10. Click Continue.


11.  Enter the following in the corresponding fields:


                ACS URL:  

                        https://auth.brainstorminc.com/signin-saml2

                Entity ID:  

                        urn:brainstorminc:auth:saml2

                Start URL:  

                        https://auth.brainstorminc.com

                Name ID format: 

                            UNSPECIFIED

                Name ID:  

                        Basic Information > Primary email



   

12.  Click Continue.


13.  Under Attributes, click ADD MAPPING.



14. Under Google Directory attributes, select the drop-down and choose Department.


15. In the App attributes field, enter department.


16. Repeat the above steps with other attributes so that it matches the following:



17. Click Finish.


18. On the configuration page for this new app, click the down arrow in the User access section. 




19. Chose the ON for everyone radio button.


NOTE: To turn the service on by organization unit or access group, please refer to the Turn on SAML app section of Google's custom SAML app documentation



20. Click Save.


21.  To complete the configuration, continue to the Configure SSO in BrainStorm article.  You will need to sign in as a BrainStorm admin to view this article and complete SSO setup.