How to: Utilize Single Sign-On (SSO)

Secure your account and make registering easy with Single Sign-On.

Brandlive supports Single Sign-On (SSO) for organizations utilizing Security Assertion Markup Language (SAML) 2.0 and OpenID Connect (OIDC) for easy, secure authentication into the platform. SSO can be set up for Admins and other users logging into their Brandlive Platform account or for attendees logging into a public site. Follow the instructions below to set up SSO for either use case.

Using SAML 2.0

Step 1: First, you'll configure a SAML integration with help from your IT department.

Settings

Single Sign-On URL: https://sso.brandlive.cloud/saml2/idpresponse

Audience URI (SP Entity ID): urn:brandlive:identity:sp

Attribute Statements: These values will depend on your SSO configuration. Mark them down as they will need to be inserted into the Streams platform.

  • Email (required)

  • First Name (optional)

  • Last Name (optional)

[Screenshot: Settings Example]

[Screenshot: Attributes Example]

Step 2: Link your Streams channel to your SAML integration.

First, log in to Brandlive admin. 

Then, navigate to the gear icon in the lower left corner and select Integrations from the flyout panel.

Finally, find the SAML integration card and click configure.

Step 3: Configure SAML for your channel

  • XML URL: Metadata XML URL for the SAML integration created in step 1. This should be auto-generated when you create the integration.
  • Login Button Text: The text you would like displayed on your Login Button
  • Attribute Mapping: This should match the attribute mappings created in step 1.
  • Upload Image (Optional): Image displayed on Login Button

Once the SAML configuration is complete and turned on, you will be able to add it to any of your events in the registration settings.

See the section titled "Enabling SSO" below to make SSO available for your users. 

Using OIDC

Step 1: Configure an OIDC integration with help from your IT department.

Settings

  • Application Type: Web
  • Grant Type: Authorization Code
  • Sign-in Redirect: https://sso.brandlive.cloud/oauth/oidc (This can be added to the list if you already have an OIDC integration)

Please note the following information from your OIDC integration:

  • OIDC Issuer (URL)

  • Client ID

  • Client Secret

  • Attribute Names

Step 2: Link your Streams channel to your OIDC integration.

First, log in to Brandlive Platform.

Then, navigate to the gear icon in the lower left corner and select Integrations from the flyout panel.

Finally, find the OIDC integration card and click configure.

Step 3: Configure OIDC for your channel.

  • OIDC Issuer: Value noted in Step 1
  • Client ID: Value noted in Step 1
  • Client Secret: Value noted in Step 1
  • Login Button Text: The text you would like displayed on your Login Button
  • Attribute Mapping Email (Required), First Name (optional), Last Name (optional): These values will depend on your OIDC service. Please contact your IT department for the proper values.
  • Upload image (optional): Image displayed on Login Button
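
Before entering the Step 1 values, they can be checked against the provider's discovery document (served at `<issuer>/.well-known/openid-configuration`). The following is an added example, not Brandlive's code; the provider `idp.example.com`, its discovery document and the claim name `email` are constructed assumptions.

```python
from urllib.parse import urlsplit

REDIRECT_URI = "https://sso.brandlive.cloud/oauth/oidc"  # Sign-in redirect from Step 1

def check_oidc_settings(issuer, discovery, registered_redirects, email_claim):
    """List problems with the values noted in Step 1, given the provider's
    discovery document and the redirect URIs registered on the client."""
    problems = []
    url = urlsplit(issuer)
    if url.scheme != "https" or url.query or url.fragment:
        problems.append("issuer must be an https URL with no query or fragment")
    # OIDC Discovery requires the returned issuer to be identical to the
    # configured one, so a trailing slash on either side is a mismatch.
    if discovery.get("issuer") != issuer:
        problems.append("discovery 'issuer' differs from the configured OIDC Issuer")
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("provider does not advertise response_type=code")
    # grant_types_supported is optional; the spec default includes authorization_code.
    grants = discovery.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("provider does not advertise the Authorization Code grant")
    if REDIRECT_URI not in registered_redirects:
        problems.append("Brandlive redirect URI is not registered on the client")
    claims = discovery.get("claims_supported")  # recommended field, may be absent
    if claims is not None and email_claim not in claims:
        problems.append(f"claim {email_claim!r} is not in claims_supported")
    return problems

# Constructed discovery document for a hypothetical provider.
DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "response_types_supported": ["code", "id_token"],
    "claims_supported": ["sub", "email", "given_name", "family_name"],
}

if __name__ == "__main__":
    # Issuer typed with a trailing slash: reported as a mismatch.
    print(check_oidc_settings("https://idp.example.com/", DISCOVERY, [REDIRECT_URI], "email"))
```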

Once the OIDC configuration is complete and turned on, you will be able to add it to any of your events in the registration settings.

See the section titled "Enabling SSO" below to make SSO available for your users. 

Using Oauth 2

Step 1: Configure an Oauth 2 integration with help from your IT department.

Although we generally suggest using OIDC first in place of Oauth 2 flows for ease of use and setup, Brandlive does offer options for users who would like to use Oauth SSO flows instead.

Settings

  • Application Type: Web
  • Grant Type: Authorization Code
  • Sign-in Redirect: https://brandlive-prod.auth.us-west-2.amazoncognito.com/oauth2/idpresponse (This can be added to the list if you already have an Oauth 2 integration)

Please note the following information from your Oauth 2 integration:

  • Client ID
  • Client Secret
  • Authorization Server URL
  • Token Server URL
  • Resource Server URL
  • Logout URL
  • Login Button Text
  • Scopes
  • Attribute Names
  • Custom Query Parameters
  • Upload Image

Step 2: Link your Streams channel to your Oauth 2 integration.

First, log in to Brandlive Platform.

Then, navigate to the gear icon in the lower left corner and select Integrations from the flyout panel.

Finally, find the Oauth 2 integration card and click configure.

Step 3: Configure Oauth 2 for your channel.

  • Client ID: Value noted in Step 1
  • Client Secret: Value noted in Step 1
  • Authorization Server URL: Value noted in Step 1
  • Token Server URL: Value noted in Step 1
  • Resource Server URL: Value noted in Step 1
  • Logout URL: Value noted in Step 1
  • Login Button Text: The text you would like displayed on your Login Button
  • Scopes: Value noted in Step 1
  • Attribute Mapping Email (Required), First Name (optional), Last Name (optional): These values will depend on your Oauth 2 service. Please contact your IT department for the proper values.
  • Custom Query Parameter: Your custom query parameters will be appended to the authorization server url when an attendee is redirected to sign in.
  • Upload image (optional): Image displayed on Login Button

Step 4: Sign-in Redirect URL

In your backend system you will likely need to provide a Sign-in redirect URL, which will be your channel URL (custom or otherwise) with /sso-redirect at the end. For example, example.brandlive.com/sso-redirect.

Once the Oauth 2 configuration is complete and turned on, you will be able to add it to any of your events in the registration settings.

See the section titled "Enabling SSO" below to make SSO available for your users. 

Enabling SSO

To enable Single Sign-On for Brandlive Platform account Administrators, Site builders, and other users (i.e. those logging into https://admin.brandlive.com/), please contact your Account Manager to complete the final step. If you are unsure who your Account Manager is, please reach out to support@brandlive.com. 

To enable Single Sign-On for attendees logging into your site, open your event in Brandlive's Sitebuilder and navigate to the Registration tab.

Then, select "SSO Registration" from the page menu.

Toggle on the button next to "Single sign on" and publish your page.

Attendees will now be able to log into your site using their Single Sign-On credentials. 
