Integrating Brightflag with Your Company’s Single Sign-On (SSO) Tool

Integrating Brightflag with your company’s Single Sign-On (SSO) tool allows users to seamlessly access the Brightflag platform without manual logins.

Brightflag supports integration with most SSO platforms and provides setup guidance through your Brightflag Implementation Manager or Customer Success Manager (CSM).

Common SSO Platforms for Integration

Brightflag can integrate with nearly any SSO platform. Below are guides for some of the most commonly used platforms:

Setting Up a Google SSO Connection with Brightflag

Follow the steps below to set up Google SSO for Brightflag.

Step 1: Access Google Admin Console

• Go to Google Admin Console (https://admin.google.com).
• Click on Apps.
  
  
• Click on SAML Apps.
  
• Click on the Yellow + button.
  

Step 2: Configure a Custom SAML App

• Select SETUP MY OWN CUSTOM APP.
  
• Download the Certificate and IDP metadata, then send them to your Brightflag contact.
  
• Enter a name for your custom app, e.g., Brightflag, and click Next.
  

Step 3: Service Provider Details

Depending on your location, Brightflag uses different configurations. If you are unsure which region to select, contact your Implementation Manager.

• ACS URL: https://{region_prefix}.brightflag.com/consumeSaml
  (Replace {region_prefix} with the region-specific prefix from the table above.)

• Entity ID: https://{region_prefix}.brightflag.com

• Start URL: https://{region_prefix}.brightflag.com/saml/{CompanyName}
  (Replace {CompanyName} with your company's name.)

• Ensure NameID is mapped to Primary Email with the format set to EMAIL.
  

Step 4: Attribute Mapping

• Click Add New Mapping and finish the setup.
  
• Username should have the following mapping:
  • From: Basic Information
  • To: Primary Email
• Click Finish.
  

Tips for Successful Integration

🟢 Best Practice:

• If you are unsure about any of the fields or configurations, contact your Brightflag Implementation Manager for guidance.

⚠️ Common Issue:

• Ensure NameID is correctly mapped to Primary Email.
• Incorrect mapping can cause login issues.

Troubleshooting SSO Integration Issues

If you encounter any issues during the integration process:

1. Check the ACS URL and Entity ID – Ensure the region-specific prefix is correctly entered (e.g., app, enterprise, aus).
2. Verify Attribute Mapping – Confirm that Username is correctly mapped to Primary Email.
3. Contact Support – If problems persist, contact your Brightflag support team or Implementation Manager for further troubleshooting.