Single Sign-on (SSO)

Accessing Brightest and authenticating with your organization's directory or identity provider (IDP)

PreviousESG and Sustainability Settings NextMicrosoft SSO

Last updated 1 year ago

Single Sign-on (SSO)

Accessing Brightest and authenticating with your organization's directory or identity provider (IDP)

Brightest supports secure single sign-on (SSO) access through a variety of identity providers (IDPs), including Microsoft Azure Active Directory, Google, and Okta. Brightest SSO is implemented using Open ID Connect (), a simple identity layer on top of the OAuth 2.0 protocol that allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

To implement SSO with your Brightest account:

Confirm with your IT department which SSO IDP your organization uses, and share that information with your Brightest relationship lead. Note: SSO set up, testing, and configuration requires an additional one-time implementation fee.
Provide Brightest with a list or directory export of your Brightest account users within your Brightest onboarding questionnaire. Include (a) first name, (b) last name, (c) email, and (d) desired user role for each primary account user or admin.
During your Brightest implementation, Brightest will create an SSO Group for your organization and users based on the onboarding information or directory export you provide. Typically this process takes 1-2 weeks, depending on the size and complexity of your SSO Group directory.
During implementation, Brightest will map SSO identities to your designated Brightest SSO group and user directory, allowing your team to access Brightest through secure Oauth 2.0 authentication with their designated identity account. During the validation phase, you’ll be able to confirm SSO is working correctly before proceeding with end-user training.
If you need to adjust user roles and permissions, Brightest account admins can perform these changes within your account (), or you can change user roles and permissions programmatically using Brightest’s API and the OrgRole endpoint.

For more questions or to discuss Brightest SSO further, please contact your Brightest account representative. Our team is happy to meet with your IT department to confirm your requirements and optimal SSO set up approach.

PreviousESG and Sustainability Settings NextMicrosoft SSO

Last updated 1 year ago

To implement SSO with your Brightest account:

Confirm with your IT department which SSO IDP your organization uses, and share that information with your Brightest relationship lead. Note: SSO set up, testing, and configuration requires an additional one-time implementation fee.
Provide Brightest with a list or directory export of your Brightest account users within your Brightest onboarding questionnaire. Include (a) first name, (b) last name, (c) email, and (d) desired user role for each primary account user or admin.
During your Brightest implementation, Brightest will create an SSO Group for your organization and users based on the onboarding information or directory export you provide. Typically this process takes 1-2 weeks, depending on the size and complexity of your SSO Group directory.
During implementation, Brightest will map SSO identities to your designated Brightest SSO group and user directory, allowing your team to access Brightest through secure Oauth 2.0 authentication with their designated identity account. During the validation phase, you’ll be able to confirm SSO is working correctly before proceeding with end-user training.
If you need to adjust user roles and permissions, Brightest account admins can perform these changes within your account (), or you can change user roles and permissions programmatically using Brightest’s API and the OrgRole endpoint.