The BrainStorm platform's 2024 signing certificate for Single Sign-On will expire on November 20, 2024 and is being replaced with a new certificate. BrainStorm has updated metadata that can be imported into your Identity Provider (IdP), and a change may need to be made in the BrainStorm platform Admin Portal. Please follow the steps below, in order, to ensure continued BrainStorm access.


If your IdP doesn't require or check a Service Provider's signing certificate, then you will not need to make any changes. If you are unsure, please reach out to your IT/Identity/SSO Team.


If your IdP is OKTA, no action is required.

If your IdP is Azure, no action is required.


WS-Fed (e.g. ADFS)


If your IdP automatically updates a Service Provider's metadata, then you will not need to make any changes. If it doesn't, follow the step below.


IdP Configuration

  1. Update the existing BrainStorm platform configuration with the following metadata: https://brainstorminc.blob.core.windows.net/metadata/BrainStormWSFederationMetadata2025.xml 
    NOTE: Depending on your IdP, you may simply replace the existing metadata file and let the IdP extract the information. Or you may need to extract the information first and replace the respective configurations in your IdP.


SAML 2.0 (e.g. Ping Federate)


BrainStorm platform Configuration

  1. Login to the BrainStorm platform Admin portal using your BrainStorm administrator account
  2. Click Account Settings
  3. Click SSO
  4. Click on your Identity Provider Display Name
  5. Click on the Miscellaneous tab
  6. Locate the Signing Certificate pulldown menu and choose auth.brainstorminc.com 2025 November
  7. Click Save Changes


    NEXT go into your organization's SSO (Identity Provider)

    IdP Configuration
    1. Update the existing QuickHelp configuration with the following metadata:
      https://brainstorminc.blob.core.windows.net/metadata/BrainStormSamlMetadata2025.xml 

      NOTE: Depending on your IdP, you may simply replace the existing metadata file and let the IdP extract the certificate. Or you may need to extract the certificate first and replace the respective configurations in your IdP.