Microsoft SSO
To configure Brightest to use Microsoft Active Directory SSO, please follow these steps (and share this information with your IT department). Brightest's Microsoft SSO uses OpenID Connect (OIDC) and OAuth 2.0. You will need to create a multi-tenant Microsoft application for SSO and provide us with your application's:
Client (Application) ID
Secret: create a secret in "Certificates & secrets" and provide the value
You'll also need to set (add):
Logout URL: https://www.brightest.io/logout/
Set the app type to "Web"
Make sure "Multi-Tenant" is enabled
Microsoft Graph permissions:
User.Read
email
openid
profile
[Figure: Required Microsoft app authentication settings]
[Figure: Required Microsoft Graph app roles and user permissions]
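One way to check a finished app registration against the settings listed above before handing over the client ID and secret (an added example, not Brightest's or Microsoft's code). It takes the application object as a dict, for example the JSON printed by `az ad app show --id <client-id>`; `audit_registration` and `SAMPLE` are hypothetical names, the permission IDs are Microsoft Graph's delegated-permission IDs for the four scopes, and mapping "Multi-Tenant" to `AzureADMultipleOrgs` is an assumption.

```python
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource app
REQUIRED_SCOPES = {  # Graph delegated-permission IDs for the four listed scopes
    "e1fe6dd8-ba31-4d61-89e7-88639da4683d": "User.Read",
    "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0": "email",
    "37f7f235-527c-4136-accd-4a02d197296e": "openid",
    "14dad69e-099b-42c9-810b-d002981feec1": "profile",
}
LOGOUT_URL = "https://www.brightest.io/logout/"
MULTI_TENANT = "AzureADMultipleOrgs"  # assumed signInAudience for "Multi-Tenant"

def audit_registration(app):
    """Return a list of findings; an empty list means the registration matches."""
    findings = []
    audience = app.get("signInAudience")
    if audience != MULTI_TENANT:
        findings.append(f"signInAudience is {audience!r}, expected {MULTI_TENANT!r}")
    if (app.get("web") or {}).get("logoutUrl") != LOGOUT_URL:
        findings.append(f"web.logoutUrl is not {LOGOUT_URL}")
    # Flatten requiredResourceAccess into (resource app, permission id) pairs.
    requested = {
        (res.get("resourceAppId", ""), perm.get("id", ""))
        for res in app.get("requiredResourceAccess") or []
        for perm in res.get("resourceAccess") or []
    }
    for scope_id, name in REQUIRED_SCOPES.items():
        if (GRAPH_APP_ID, scope_id) not in requested:
            findings.append(f"missing Microsoft Graph permission: {name}")
    # Anything beyond the four listed scopes is more access than the page asks for.
    for res_id, perm_id in sorted(requested):
        if res_id != GRAPH_APP_ID or perm_id not in REQUIRED_SCOPES:
            findings.append(f"unrequested permission {perm_id} on resource {res_id}")
    return findings

# Constructed sample: single-tenant, "email" missing, one extra made-up permission ID.
SAMPLE = {
    "signInAudience": "AzureADMyOrg",
    "web": {"logoutUrl": "https://www.brightest.io/logout/"},
    "requiredResourceAccess": [{
        "resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [
            {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
            {"id": "37f7f235-527c-4136-accd-4a02d197296e", "type": "Scope"},
            {"id": "14dad69e-099b-42c9-810b-d002981feec1", "type": "Scope"},
            {"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"},
        ],
    }],
}
if __name__ == "__main__":
    for finding in audit_registration(SAMPLE):
        print(finding)
```

An empty result means the registration requests exactly the four listed permissions, is multi-tenant, and has the Brightest logout URL set.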
Once your information has been provided to the Brightest implementation team, we will create a secure, license-dedicated Microsoft SSO login URL for your users. This login URL can be found in your license's team and user management portal (https://www.brightest.io/manage/team/), or can be shared with teammates via email invitations generated from Brightest.
Brightest user roles and permissions are set (and scoped) at the license (environment) level. If your organization has a multi-license hierarchy (where licenses might represent different brands, business units, and/or regions), you may want to consider providing different Azure access URLs and app credentials to different licenses or business units to more tightly control which employees are allowed to access which license(s), depending on your user management goals.
A central, global business and/or IT administrator will be able to manage and provision all user roles and permissions on the Brightest side, while access credentials will be governed by your Azure Active Directory.
For any additional questions, or to discuss your specific use case, please speak to your Brightest Account Executive (AE), Account Manager (AM), implementation lead, or Brightest support (support@brightest.io).