Integrating single sign-on


This section describes how to integrate Brightspot with single sign-on servers.

As a best practice, ensure users have email addresses as their usernames. You can then configure different authenticators for different email domains. For example, logins from users with an email address in the brightspot.com domain are routed to the Google Cloud Service authenticator, and logins from users with an email address in any domain outside of brightspot.com are routed to an Okta authenticator.

To integrate single sign-on:

  1. Click menu > Admin > Sites & Settings > Sites > Global.
  2. Click search, located to the left of more_horiz, and type Authenticators.
  3. Under Authenticators, do the following:
    1. Click add_circle_outline and select one of the available SAML authenticators.
    2. Using the tables in the following sections as a reference, update the fields as needed.
  4. Click Save.

Default Tool Authenticator

Brightspot's default tool authenticator provides the standard username/password challenge. Using the following table as a reference, complete the fields as needed.
FieldDescription
Valid DomainsEnter login email domains that are routed to this authenticator. For example, if you enter brightspot.com, login requests from emails in the brightspot.com domain (such as hello@brightspot.com) are routed to this authenticator.

Google Tool Authenticator

The Google Tool Authenticator uses Google Identity as the identify provider. For more information about this service, see Authentication methods at Google.

Using the following table as a reference, complete the fields as needed.
FieldDescription
Valid DomainsEnter login email domains that are routed to this authenticator. For example, if you enter brightspot.com, login requests from emails in the brightspot.com domain (such as hello@brightspot.com) are routed to this authenticator.

Users attempting to log in using an email domain that is not specified in this or any other SAML authenticator are routed to the default authenticator (a standard username/password challenge).
Client IDEnter your Google authenticator ID in the form YOUR_CLIENT_ID.apps.googleusercontent.com.
Allowed Hosted DomainsEnter email domains that are allowed to pass this authenticator. For example, if you enter brightspot.com in this field, then login attempts using emails in brightspot.com are allowed. Login attempts from other email domains fail.

Preset SAML Tool Authenticator

This authenticator uses an identity provider configured on your Brightspot server. Using the following table as a reference, complete the fields as needed.
FieldDescription
Valid DomainsEnter login email domains that are routed to this authenticator. For example, if you enter brightspot.com, login requests from emails in the brightspot.com domain (such as hello@brightspot.com) are routed to this authenticator.

Users attempting to log in using an email domain that is not specified in this or any other SAML authenticator are routed to the default authenticator (a standard username/password challenge).
ProvidersSelect one of the available identity providers.

Click View Service Provider Metadata to display the metadata that you must add to the selected identity provider's configuration.
Service provider metadata Service provider metadata
Displaying SAML service provider metadata

Self Service SAML Tool Authenticator

Use this authenticator to integrate a customized SSO server. For detailed information about this configuration, see Configuring a self-service SAML authenticator.

Tags
Our robust, flexible Design System provides hundreds of pre-built components you can use to build the presentation layer of your dreams.

Asset types
Module types
Page types
Brightspot is packaged with content types that get you up and running in a matter of days, including assets, modules and landing pages.

Content types
Modules
Landing pages
Everything you need to know when creating, managing, and administering content within Brightspot CMS.

Dashboards
Publishing
Workflows
Admin configurations
A guide for installing, supporting, extending, modifying and administering code on the Brightspot platform.

Field types
Content modeling
Rich-text elements
Images
A guide to configuring Brightspot's library of integrations, including pre-built options and developer-configured extensions.

Google Analytics
Shopify
Apple News