Brightspot CMS User Guide

Integrating single sign-on


This section describes how to integrate Brightspot with single sign-on servers.

As a best practice, ensure users have email addresses as their usernames. You can then configure different authenticators for different email domains. For example, logins from users with an email address in the brightspot.com domain are routed to the Google Cloud Service authenticator, and logins from users with an email address in any domain outside of brightspot.com are routed to an Okta authenticator.

To integrate single sign-on:

  1. Click the menu icon > Admin > Sites & Settings > Sites > Global.
  2. Click the search icon, located to the left of the more options icon, and type Authenticators.
  3. Under Authenticators, do the following:
    1. Click the add icon and select one of the available SAML authenticators.
    2. Using the tables in the following sections as a reference, update the fields as needed.
  4. Click Save.

Default Tool Authenticator

Brightspot's default tool authenticator provides the standard username/password challenge. Using the following table as a reference, complete the fields as needed.

| Field | Description |
| --- | --- |
| Valid Domains | Enter login email domains that are routed to this authenticator. For example, if you enter brightspot.com, login requests from emails in the brightspot.com domain (such as hello@brightspot.com) are routed to this authenticator. |

Google Tool Authenticator

The Google Tool Authenticator uses Google Identity as the identity provider. For more information about this service, see Authentication at Google.

Using the following table as a reference, complete the fields as needed.

| Field | Description |
| --- | --- |
| Valid Domains | Enter login email domains that are routed to this authenticator. For example, if you enter brightspot.com, login requests from emails in the brightspot.com domain (such as hello@brightspot.com) are routed to this authenticator. Users attempting to log in using an email domain that is not specified in this or any other SAML authenticator are routed to the default authenticator (a standard username/password challenge). |
| Client ID | Enter your Google authenticator ID in the form YOUR_CLIENT_ID.apps.googleusercontent.com. |
| Allowed Hosted Domains | Enter email domains that are allowed to pass this authenticator. For example, if you enter brightspot.com in this field, then login attempts using emails in brightspot.com are allowed. Login attempts from other email domains fail. |
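
The routing rules described in the tables above can be modelled offline to see which logins would use SSO, which would fall back to the username/password challenge, and which would fail. This is an added example, not Brightspot code: the authenticator names, the dictionary layout and the sample usernames are constructed, and first-match routing, case-insensitive domain comparison and default routing for non-email usernames are assumptions.

```python
# Stand-alone model of the routing rules in this guide; it does not call
# Brightspot, and every name and value below is constructed for illustration.

def domain_of(email):
    """Return the lower-cased domain of an email-style username, or None."""
    local, sep, domain = email.strip().rpartition("@")
    if not (sep and local and domain):
        return None
    return domain.lower()  # assumption: domains compare case-insensitively


def route(email, authenticators):
    """Return (authenticator_name, outcome) for one login username."""
    domain = domain_of(email)
    for auth in authenticators:  # assumption: the first matching entry wins
        if domain is not None and domain in auth["valid_domains"]:
            allowed = auth.get("allowed_hosted_domains")
            # Only the Google authenticator defines Allowed Hosted Domains.
            if allowed is not None and domain not in allowed:
                return auth["name"], "rejected"
            return auth["name"], "sso"
    # No authenticator lists the domain: standard username/password challenge.
    # Assumption: usernames that are not email addresses also land here.
    return "default", "password"


def audit(emails, authenticators):
    """Group usernames by outcome so fallbacks and rejections stand out."""
    report = {"sso": [], "password": [], "rejected": []}
    for email in emails:
        name, outcome = route(email, authenticators)
        report[outcome].append((email, name))
    return report


# Constructed sample configuration and usernames (not from a real site).
AUTHENTICATORS = [
    {"name": "google", "valid_domains": {"brightspot.com", "example.org"},
     "allowed_hosted_domains": {"brightspot.com"}},
    {"name": "preset-saml", "valid_domains": {"partner.example"}},
]
EMAILS = ["hello@brightspot.com", "ops@example.org",
          "dev@partner.example", "temp@contractor.example", "legacyadmin"]

if __name__ == "__main__":
    for outcome, rows in audit(EMAILS, AUTHENTICATORS).items():
        print(outcome, rows)
```

Entries under `password` are accounts that still authenticate with a local password rather than the identity provider, and entries under `rejected` are domains routed to the Google authenticator but missing from Allowed Hosted Domains.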

Preset SAML Tool Authenticator

This authenticator uses an identity provider configured on your Brightspot server. Using the following table as a reference, complete the fields as needed.

| Field | Description |
| --- | --- |
| Valid Domains | Enter login email domains that are routed to this authenticator. For example, if you enter brightspot.com, login requests from emails in the brightspot.com domain (such as hello@brightspot.com) are routed to this authenticator. Users attempting to log in using an email domain that is not specified in this or any other SAML authenticator are routed to the default authenticator (a standard username/password challenge). |
| Providers | Select one of the available identity providers. Click View Service Provider Metadata to display the metadata that you must add to the selected identity provider's configuration. |

Figure: Displaying SAML service provider metadata

Self Service SAML Tool Authenticator

Use this authenticator to integrate a customized SSO server. For detailed information about this configuration, see Configuring a self-service SAML authenticator.
