📨Inviting Team Members

Brightest supports secure single sign-on (SSO) access through a variety of identity providers (IDPs), including Microsoft Azure Active Directory, Google, and Okta.

Brightest SSO is implemented using Open ID Connect (https://openid.net/connect), a simple identity layer on top of the OAuth 2.0 protocol that allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

Once you've set up SSO in your account, you'll see a dedicated SSO login link on your "Manage Team" page:

To implement SSO with your Brightest account:

1. Confirm with your IT department which SSO IDP your organization uses, and share that information with your Brightest relationship lead. Note: SSO set up, testing, and configuration requires an additional one-time implementation fee.

2. Provide Brightest with a list or directory export of your Brightest account users within your Brightest onboarding questionnaire. Include (a) first name, (b) last name, (c) email, and (d) desired user role for each primary account user or admin.

3. Brightest SSO implementation typically takes 1-2 weeks, depending on the size and complexity of your SSO Group directory and the availability of your IT department to configure and test on their end.

4. If you need to adjust SSO user roles and permissions later on, Brightest account admins can perform these changes within your account (https://www.brightest.io/manage/team/), or you can change user roles and permissions programmatically using Brightest’s API and the OrgRole endpoint.

For more questions or to discuss Brightest SSO further, please contact your Brightest account representative. Our team is happy to meet with your IT department to confirm your requirements and optimal SSO set up approach.