Configuring Single Sign On (SSO) in Brandkit 2
Brandkit provides optional Single Sign On (SSO) functionality for user registrations and login to reduce friction for new and returning users, in two flavours.
Open SSO
Once we ( or you) turn on SSO in your account, you can choose to allow the following credential providers:
- Microsoft
We refer to these as Open SSO providers. That is anyone with a Google or Microsoft account can register and login without having to create yet another password to remember.
While this is open to any Google or Microsoft authenticated user - the default user role e.g. Standard role (managed in Admin > Settings > User Roles), to determine what these user can do and access, once logged in.
Once turned on - anyone with a valid Google/Gsuite/Gmail account can register and login by clicking the login with Google button.
If the user is not currently logged into a Google account they will be asked to login to Google.
The first time someone logins with Google, the user will be asked verify/confirm the connection to Brandkit.
Subsequent logins should be one click access (provided they the user is logged into the provider).
Note: that User Role will be allocated to this use based on your Default User Role configured in Admin > Settings.
To activate Google login just ask Brandkit Support to turn on the feature.
Microsoft
Once turned on - anyone with a valid online Microsoft/365/Outlook account can register and login by clicking the login with Microsoft button.
If the user is not currently logged into a Microsoft account they will be asked to login to their Microsoft account.
The first time someone logins with Microsoft, the user will be asked verify/confirm the connection to Brandkit.
Subsequent logins should be one click access (provided they the user is logged into the provider).
Note: that User Role will be allocated to this use based on your Default User Role configured in Admin > Settings.
Setting up Open SSO
Your account Admin users (or Brandkit Support) can configure SSO for your account.
Where: Admin > Settings > User Authentication
Generally we recommend it’s a good idea to enable SSO (Google and Microsoft) for most accounts that allow Public access to view content.
If your account is locked down and private, and you prefer to explicitly invite users, then you;ll want to disable SSO for both Google and Microsoft. The exception to this being if you want to integrate with your staff ACL lists using Microsoft Entra ID (previously called Azure Active Directory). More on that later.
Enterprise SSO
Microsoft Entra ID (previously called Azure Active Directory)
For accounts with Plans that have the Enterprise SSO feature included, you have the option to allow only users in your organisations Entra ID/Active Directory (AD) to register or login via their Entra ID authentication. You can think of this as a Staff Only Login.
Note in Brandkit 2 you can use the Microsoft login for Open SSO or Enterprise SSO - not both.
To enable this you will need to talk to Brandkit Support and get them to activate it for you.
- You must supply Brandkit Support with a Tenant ID. Usually you’ll get this from your internal IT team,.
- Brandkit Support adds your Entra ID (aka Azure AD) Tenant ID to the Tenant ID input in your User Authentication settings page in your Brandkit account.
- Brandkit Support adds a callback URL for your specific domain to our (Brandkit’s) Entra ID settings. Note than you must have already settled on and setup a custom domain name, if you are going to use a custom domain name.
- Brandkit Support then edits the button text usually to “Staff Login” via CSS in your account’s Theme file.
Once Entra ID is enabled, the Microsoft Open SSL option will not be available. That is the Microsoft login button will be useable by staff only.
While it’s unlikely, other SSO options can co-exist. E.g. You can still allow Google login, but restrict Microsoft SSO to your own AD users.
Auth0 SSO (integrating with Auth0 services)
For accounts with Plans that have the Enterprise SSO feature included, you have the option to allow only users in your organisations Auth0 register to register or login via their Auth0 authentication. You can think of this as a Staff Only Login.
To enable this you will need to talk to Brandkit Support and get them to activate it for you.
- You must supply Brandkit Support with a Client ID, Client Secret & Domain, Usually you’ll get this from your internal IT team,.
- Brandkit Support adds your Auth0 details into your User Authentication settings page in your Brandkit account.
- Brandkit Support then enables an Auth0 login button and edit the button text usually to “Staff Login” via CSS in yout account’s Theme file.
While it’s unlikely, other SSO options can co-exist. E.g. You can still allow Open Google and Microsoft logins.
Welcome aboard.
:)
Configuring Single Sign On (SSO) in Brandkit 2
How to setup and configure SSO in Brandkit 2.
