Brandkit provides optional Single Sign On (SSO) functionality for user registrations and login to reduce friction for new and returning users.

It is an advanced option that must be configured for you by Brandkit Support staff.

Once we turn on SSO in your account, you can choose to allow the following credential providers: 

  • Google
  • Facebook
  • Microsoft

Google

Once turned on - anyone with a valid Google/Gsuite/Gmail account can register and login by clicking the Login with Google button.

If the user is not currently logged into a Google account they will be asked to login to Google.

The first time someone logins with Google, the user will be asked verify/confirm the connection to Brandkit.

Subsequent logins should be one click access (provided they the user is logged into the provider).

Note: that User Role will be allocated to this use based on your Default User Role configured separately.

To activate Google login just ask Brandkit Support to turn on the feature.

Facebook

Once turned on - anyone with a valid Facebook account can register and login by clicking the Login with Facebook button.

If the user is not currently logged into a Facebook account they will be asked to login to Facebook.

The first time someone logins with Facebook, the user will be asked verify/confirm the connection to Brandkit.

Subsequent logins should be one click access (provided they the user is logged into the provider).

Note: that User Role will be allocated to this use based on your Default User Role configured separately.

To activate Facebook login just ask Brandkit Support to turn on the feature.

Microsoft/Azure

Once turned on - anyone with a valid Microsoft personal or organisation account can register and login by clicking the Login with Microsoft button.

If the user is not currently logged into a Microsoft account they will be asked to login to their Microsoft account.

The first time someone logins with Microsoft, the user will be asked verify/confirm the connection to Brandkit.

Subsequent logins should be one click access (provided they the user is logged into the provider).

Note: that User Role will be allocated to this use based on your Default User Role configured separately.

Optional configuration for accounts with Microsoft SSO


Option 1: SSO with open registrations (anyone can register/login using SSO)

Anyone with a Microsoft account (personal or organisation) can register and login. 

This would be typically be used in a more open approach with all SSO Credential providers (plus standard registration/login) shown as registration/login options for users.


Option 2: SSO with restricted registrations (Organization Azure Active Directory required)

Only users in the company’s Active Directory users can register.

You can choose to restrict SSO login (Azure AD only) to users in your nominated company Active Directory. This would be typically be used in a more closed approach with other registration options removed (no self-service registration) and registration is by either Invitation (by an Admin) or by the Login with Microsoft button (but limited to use by users in the company’s AD).

However, it’s still possible to enable users to self-service register (if your account is configured to allow it) with the standard registration process and User can always be invited by account Admins.

While it’s most probably unlikely, other SSO options can co-exist. E.g. You can still allow Google login, but restrict Microsoft SSO to your own AD users.

Restricted SSO Activation is a more complex than the others:

You will need:

  • A Brandkit Account.
  • A Microsoft Azure Account with Active Directory (Organization account, not personal).
  • To add Brandkit to your Azure AD (link)

The steps that you have to take:

  1. Login to your Azure account (as Azure Admin)
  2. Go to AD / Enterprise Applications / Add. Then, search for Brandkit.

3. Once found, select Brandkit and click ‘Sign up for Brandkit’ link.

4. Choose again which account you wish to setup/use.

Note: This will only work for Organization Accounts

(Note:  You will see this error message if you do not use an Organization Account)

5. Grant Brandkit permission to access the user profiles in your AD by clicking the Accept button.

6. All done from your side!

The Brandkit AD application is added to your AD, the Confirmation Page (shown below) will be displayed, and we will receive an email notification along with your Tenant ID generated by Microsoft.

Brandkit support will then add your Tenant ID to your account configuration in Brandkit. 

Please allow us some time to process this.

7.  Now, If you go to your Microsoft Azure application’s page (https://myapps.microsoft.com), you will see that Brandkit is already there :).

However, If you try to use it before we finish our setup (added your Tenant ID to your account configuration), you will see the same confirmation page  (as shown above). 

If you do it after we finish our setup. Your user will be logged in and be able to use your Brandkit! 

You can now spread the word to all the other users in your organization. 

Welcome aboard.

:)

Did this answer your question?