Configuring SSO allows your users to log in to Brainshark securely using their existing Microsoft Entra or Azure credentials. This feature streamlines the login process, automatically creates accounts for new users, and securely manages access by mapping identity provider attributes and groups directly to Brainshark roles.

Key features

• Authenticate users securely using basic SAML
• Create new user accounts automatically upon login
• Map identity provider attributes to Brainshark profile fields
• Assign Brainshark roles using group claim mapping

You need this to succeed

• Plan: Bigtincan Basic Content, Bigtincan Content, Bigtincan Elite, Bigtincan Essential, Bigtincan Standard, Bigtincan Standard Plus
• Permissions: Cloud Application Administrator (in Microsoft Entra) and Company Administrator (in Brainshark)
• Prerequisites: Microsoft Entra admin center access

Do this step by step

1. Log in to the Microsoft Entra admin center.
2. Click Identity, then select Applications.
3. Click Enterprise applications, then select All applications.
4. Click New application.
5. Select Non-gallery application.
6. Enter Brainshark as the application name, then click Add.
7. Click your newly added application.
8. Click Single sign-on in the Manage section.
9. Select SAML.
10. Click Edit under Basic SAML Configuration.

11. Fill in the required fields with the provided Brainshark URLs.

    Note: For a production environment, use:

    • Identifier (Entity ID)
      https://www.brainshark.com/brainshark/brainshark.services.auth/
    • Reply URL (Assertion Consumer Service URL):
      https://www.brainshark.com/brainshark/brainshark.services.auth/Saml2/Acs
    • Sign-On URL:
      https://www.brainshark.com/brainshark/brainshark.services.auth/Saml2/Acs
12. Verify the Notification Email is set correctly under SAML Certificates.

13. Click Download for the Federation Metadata XML and save the file.

    Note: The Brainshark support team configures the application using this downloaded file. You may also need to upload the Brainshark certificate to Microsoft Entra if you require signed authentication requests.

14. Click Edit under Attributes & Claims on the SSO page to map user roles.
15. Click Add a group claim.
16. Select Groups assigned to the application.

17. Select the Group ID for the attribute.

    Note: Group claims allow the service to make authorization decisions. You must create Entra security groups and add them to the Brainshark application to map users to roles, such as Administrator, Manager, or User. Microsoft does not natively support sending a claim to the manager of the user.