Okta SAML Setup

Background

SAML is a service that allows organizations to manage authentication across in-house and external web/mobile apps and services.  This document discusses the installation steps necessary to integrate Brilliant Authentication via SAML SSO. Note: if your Single Sign-On provider is Azure, there is a separate guide covering integrating with Azure SAML SSO.

Through the Brilliant/SAML SSO/IDP integration, the following steps are necessary:

1. Create the SAML SSO Application
2. Create a user account (register) at brilliantmade.com using your company email address
3. Exchange integration information between your SAML SSO application and Brilliant SAML integration settings for your company
4. Test that login is successful

SAML Application Setup 

Before we begin, there are some assumptions being made. One, that you are a Company Manager and either you, or someone you are working closely with inside of your company is an SAML Administrator. Two, you have registered with Brilliant using your company email address.

After the above criteria has been established, the steps involved in setting up the SAML SSO application include:

1. Login to Brilliant using your email address and password
2. Navigate into your Company -> Automations ->  SAML Integration General Settings
3. In a separate browser tab or window, login to your SAML provider
4. Create a new SAML application, choosing SAML 2.0
5. Give your new application a name, for example “Brilliant SSO”
6. Follow the instructions below to complete your integration

In the SAML Integration General Settings page in Brilliant (Figure 1):

1 copy the Sign On URL to your IDP and

2 enter an Identifier; this can be any value as long as it matches what is entered in your IDP (Figure 2). 3 Ensure the Name ID Format is set to either EmailAddress or unspecified. Brilliant requires the following additional user attributes: Full Name, Email address, and unique user ID. These should be mapped to name, email and uid fields similar to how they are configured in Figure 3.

Save your SAML application in your IDP and then view the application details as in Figure 4. Copy and paste the 4 Login URL, 5 Logout URL, 6 SHA1 formatted fingerprint and 7 the signing certificate from your IDP into the Brilliant configuration fields (Figure 5). The signing cert must be the full certificate, including -----BEGIN CERTIFICATE----- & -----END CERTIFICATE----- values.

Figure 1

Figure 2

Figure 3

Figure 4

Figure 5

Questions or Issues?

Email [email protected] for anything related to our SSO integrations.