BrainStorm is compatible with Microsoft Azure Active Directory using the BrainStorm Platform SSO Application available within Microsoft's Enterprise applications. 


IMPORTANT! 

Your BrainStorm account ID is required to configure the Azure SSO App. If you do not know your BrainStorm ID, contact your BrainStorm administrator or your BrainStorm Client Success Manager.


  1. Log in to the Microsoft 365 Admin center and select Azure Active Directory.

  2. Select Enterprise applications.

  3. From the top, click New Application.

  4. Using the search box at the top, enter BrainStorm Platform, then click the BrainStorm Platform tile.

    NOTE:  Make sure you click the BrainStorm Platform app with the black propeller hat logo.

  5. Click Create at the bottom.

  6. Once the app is added, a new BrainStorm Overview screen appears. Click Single sign-on from the left sidebar.

  7. Select SAML as the single sign-on method.

  8. Locate Basic SAML Configuration and click Edit.

  9. Copy and paste the following entries:

    1. Identifier (Entity ID):

      urn:brainstorminc:auth:wsfed
    2. Reply URL:
      https://auth.brainstorminc.com/signin-wsfed

    3. Sign on URL:
      https://auth.brainstorminc.com/auth/wsfed?providerId=*BrainStormID*

      IMPORTANT! Use your BrainStorm ID in place of *BrainStormID* above. If you do not know your BrainStorm ID, contact your organization's BrainStorm administrator or your BrainStorm Client Success Manager.
  10. Click Save at the top, then click the X to close the window.
  11. Locate User Attributes & Claims and click Edit.
  12. By default, you should see SAML token attributes for givenname, surname, emailaddress, name (UPN), title, department. Verify defaults and click Save.
  13. Locate Signing Certificate to access the App Federation Metadata. You have two options:
    1. Copy the URL and save it in a safe place for use in the BrainStorm Platform later, or
    2. Click the Download link next to Federation Metadata XML.
      NOTE: If you copy the URL (option 1), you won't need to update the metadata later when it expires. BrainStorm can look for and update the metadata as needed.
  14. Click Properties and set Assignment Required to Yes or No.
    1. No (recommended): Any user in your Azure Active Directory can access the application and authenticate.

    2. Yes: Users must be assigned to the application before they can authenticate and access.


  15. Click Save.
  16. Skip this step if you selected No for Assignment Required. If you selected Yes for Assignment Required:
    1. Click Users and groups.
    2. Click Add user/group.
    3. Click users or groups in the Add Assignment dialog.
    4. Within the dialog, search for the user/group that you wish to assign to the BrainStorm application.
    5. Select and assign the user/group to be added. Repeat as needed.
  17. Continue on to Step 2: Setup SSO in the BrainStorm Platform.
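
If you downloaded the Federation Metadata XML in step 13 (option 2), you can confirm which signing certificate the file carries before you hand it to BrainStorm. The following is an added example, not BrainStorm or Microsoft code: it uses only the Python standard library, `summarize_metadata` is a hypothetical helper name, and the sample metadata, its entityID and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: same element layout as SAML federation metadata, but the
# entityID is a placeholder and the certificate body is dummy bytes, not a real cert.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate-bytes").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://idp.example.invalid/TENANT-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def summarize_metadata(xml_text):
    """Return the entityID and fingerprints of every signing certificate."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor document")
    certs = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        # 'use' is optional in SAML metadata; an absent value covers signing too.
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((node.text or "").split()))
            fp = {"sha1": hashlib.sha1(der).hexdigest().upper(),
                  "sha256": hashlib.sha256(der).hexdigest().upper()}
            if fp not in certs:  # the same cert is often listed under several roles
                certs.append(fp)
    if not certs:
        raise ValueError("no signing certificate found in metadata")
    return {"entity_id": root.get("entityID"), "signing_certs": certs}


if __name__ == "__main__":
    info = summarize_metadata(SAMPLE_METADATA)
    print("entityID:", info["entity_id"])
    for c in info["signing_certs"]:
        print("SHA-1:", c["sha1"], "SHA-256:", c["sha256"])
```

To check a real download, pass the file's contents to `summarize_metadata` and compare the SHA-1 value with the thumbprint listed for the certificate in the Signing Certificate section.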