Configure Single Sign-On
This article describes the general steps to configure secure access to your Brinqa Platform through single sign-on (SSO). For specific instructions, see configuring single sign-on in Microsoft Entra ID (formerly known as Azure Active Directory) or Okta.
Introduction
Brinqa recommends configuring secure access to your Brinqa Platform, a process that involves two steps:
- Build an allowlist, a select group of core users' external IP addresses, for local authentication. This helps to ensure that only authorized users can access the Brinqa Platform from trusted devices.
- Collaborate with your SSO provider to obtain metadata files (sp.xml and idp.xml). The metadata files are necessary to enable SSO authentication in conjunction with Brinqa and ensure that users can access the Brinqa Platform securely.
Build an allowlist
As an added security measure, provide your Brinqa Customer Success Manager (CSM) with an allowlist of the external IP addresses of all users who require access to your Brinqa Platform. This ensures secure access for authorized users. Alternatively, the Brinqa team can make your Brinqa Platform public for a short period of time to facilitate validation.
To grant access to individual users or a group of users, follow these steps:
- Provide your Brinqa CSM with the external IP addresses of the users you want to have access to your Brinqa Platform.
- Brinqa verifies if the specified users exist in your Brinqa Platform. If any users do not exist, your Brinqa CSM will create them for you.
- Brinqa creates an allowlist and updates the authentication methods for those users in your Brinqa Platform.
- The specified users receive an email with password reset instructions.
Set up SSO authentication
In addition to configuring the allowlist for your specified IP addresses, you must obtain the necessary metadata files (sp.xml and idp.xml) to enable SSO authentication. The remainder of this section describes the general process.
For SSO authentication enablement, follow these steps:
- Navigate to https://<YourCompanyName>.brinqa.net/sp.xml to obtain the Service Provider (sp.xml) file required by your SSO administrator.
  - The sp.xml file contains information about the Brinqa Platform. Your SSO administrator uses this file to configure the connection between your organization's SSO solution (IdP) and the Brinqa Platform (SP).
- Request your SSO administrator to generate an Identity Provider (idp.xml) file and email a copy of the idp.xml file to your Brinqa CSM directly.
  - The idp.xml file is the Identity Provider metadata file generated by your SSO administrator. The file contains information about your organization's SSO solution, such as SSO endpoints and public keys for signing and encrypting messages. Your Brinqa CSM uses this file to configure the connection between the Brinqa Platform (SP) and your organization's SSO solution (IdP).
- The Brinqa team enables SSO in your Brinqa Platform and works with you to ensure a successful login.
By exchanging these metadata files (sp.xml and idp.xml), both your Brinqa CSM and SSO administrator can securely establish trust and enable SSO authentication for accessing your Brinqa Platform.
Logging in to Brinqa
To log in to your Brinqa Platform from a web browser, follow these steps:
- Enter the URL of your Brinqa Platform in any web browser. The welcome page displays. The base URL for each Brinqa Platform has the following default format: https://<YourCompanyName>.brinqa.net.
  - If your Brinqa Platform uses SSO, you can use an external identity provider such as Google or Okta to authenticate.
  - If your Brinqa Platform does not use SSO, enter your username or email address, and then your password.
- Click Log in.
These steps assume that you have already worked with your Brinqa CSM to ensure that your login credentials are correct and you can successfully access the Brinqa Platform. If you have not yet obtained your credentials or need any assistance, consult your assigned Brinqa CSM.