1. Bigtincan Support
  2. Brainshark
  3. Admin
  4. Setup & Settings

How to Configure Entra/Azure for Brainshark SSO integration

Updated

Overview: Brainshark uses basic SAML which has the ability to create an account upon login and set identified variables (If autocreate is enabled in Brainshark) . Once the account is created, any future updates in Azure do NOT update the user in Brainshark. Microsoft doesn't natively support sending a claim with the Manager of the user.

Access link to STAGING: https://staging.brainshark.com/CompanyName

Access link to PROD: https://www.brainshark.com/CompanyName

Steps to Enable Basic SAML in Microsoft Entra: https://entra.microsoft.com

  1. Add the Application:
    • Log in to the Microsoft Entra admin center as a Cloud Application Administrator.  
    • Navigate to Identity > Applications > Enterprise applications > All applications.  
    • Click New application.
    • Select Non-gallery application.  
    • Enter a name for the application "Brainshark" and click Add.
  2. Configure Single Sign-On:
    • Select the newly added application.
    • In the Manage section, select Single sign-on.  
    • Choose SAML.
  3. Edit Basic SAML Configuration:
  1. Download Federation Metadata XML:
    • Under SAML Certificates
    • Verify the Notification Email is set to "UserID@Domain.com"
    • click Download for Federation Metadata XML.  
    • Save this file for later use.
  2. Configure the Application:
    • These Steps are performed by Brainshark support team  

Additional Considerations:

  • Attribute Mappings: If necessary, Brainshark can configure attribute mappings to map attributes from Microsoft Entra to Brainshark attributes.
  • Signing Certificates: You may need to upload the Brainshark certificate to Microsoft Entra if you are requiring the Authn request to be signed.  Brainshark always requires that the SAML responses are signed.
  • Testing: After configuring SAML, test the integration to ensure it's working correctly.

 

 

Create Entra Security Groups

Azure/Entra Security Group Brainshark Role Object ID
Application_Brainshark_Admin Admin  
Application_Brainshark_Manager Manager  
Application_Brainshark_User User  

 

  • For Testing - Assigned "User 1"

  • For Testing - Assigned "User 2"

  • For Testing - Assigned "User 3"

Add the Groups to the Brainshark Enterprise Application

  • Navigate to Enterprise Application | Brainshark | Users and Groups
  • Select Add user/group
  • Select appropriate Groups

Attributes & Claims

Microsoft Documentation: Customize SAML token claims - Microsoft identity platform | Microsoft Learn

Video: Overview of group assignment and claims in Entra ID | Microsoft

  • Claims Mapping Policy 5 minutes in

Add a group claim

Group claims are used to make authorization decisions to access a resource by an app or a service provider. To add group claims;

  • Navigate to Enterprise Application | Brainshark | Single sign-on
  • Edit "Attributes & Claims"

 

Add a Group Claim

  • Select "Add a group claim"
  • Select "Groups assigned to the application"
  • Select Attribute: Group ID

 

TEST SUCCESS: https://staging.brainshark.com/CompanyName

 

Security Group User Brainshark Role Connection
Application_Brainshark_Admin User 1 Admin SUCCESS
Application_Brainshark_Manager User 2 Manager SUCCESS
Application_Brainshark_User User 3 User SUCCESS
NOT ASSIGNED To ABOVE GRP User 4 N/A FAIL (Expected)

 

 

Non-Provisioned User = Fail (Expected) this is good

 

2nd TEST

Security Group User Brainshark Role Connection
Application_Brainshark_Admin User 1 Admin ADMIN
Application_Brainshark_Manager User 2 Manager MANAGER
Application_Brainshark_User User 3 User USER
NOT ASSIGNED To ABOVE GRP User 4 N/A N/A

Pass Department and Manager Fields

DEPARTMENT

 

Was this article helpful?
2 out of 2 found this helpful

Comments

0 comments

Please sign in to leave a comment.