Brandkit provides optional Single Sign On (SSO) functionality for user registrations and login to reduce friction for new and returning users, in two flavours.

It is an advanced option that must be configured for you by Brandkit Support staff.

Open SSO

Once we turn on SSO in your account, you can choose to allow the following credential providers: 

  • Google
  • Microsoft

We refer to these as Open SSO providers. That is anyone with a Google or Microsoft account can register and login without having to create yet another password to remember. 

While this is open to any Google or Microsoft authenticated user - we use the Default User Role (managed in Admin > Users > Manage User Roles), to determine what these user can do and access.

Google

Once turned on - anyone with a valid Google/Gsuite/Gmail account can register and login by clicking the Login with Google button.

If the user is not currently logged into a Google account they will be asked to login to Google.

The first time someone logins with Google, the user will be asked verify/confirm the connection to Brandkit.

Subsequent logins should be one click access (provided they the user is logged into the provider).

Note: that User Role will be allocated to this use based on your Default User Role configured separately.

To activate Google login just ask Brandkit Support to turn on the feature.

Microsoft

Once turned on - anyone with a valid Microsoft personal  account can register and login by clicking the Login with Microsoft button.

If the user is not currently logged into a Microsoft account they will be asked to login to their Microsoft account.

The first time someone logins with Microsoft, the user will be asked verify/confirm the connection to Brandkit.

Subsequent logins should be one click access (provided they the user is logged into the provider).

Note: that User Role will be allocated to this use based on your Default User Role configured separately.

Setting up Open SSO

This is a simple switch in your account. Just contact Brandkit Support who can turn this on (or off) for you. 

Generally we recommend this as a good option for most accounts.

---

Enterprise SSO with Microsoft's Azure Active Directory
(Organization Azure Active Directory required)

For accounts on an Enterprise Plan, Enterprise SSO is an option to allow only users in the organisations Active Directory (AD) to register or login via their AD authentication..

Note that accounts can have both Enterprise SSO and other login methods running concurrently, OR be limited to Enterprise SSO only (as shown in the example below).

This would typically be used in a staff access only Brandkit, with other registration and login options removed (no self-service registration). User click the [Login with Active Directory] button to both register the first time, and to login subsequently.

It’s still possible to enable users to self-service register (if your account is configured to allow it) with the standard registration process.

While it’s unlikely, other SSO options can co-exist. E.g. You can still allow Google login, but restrict Microsoft SSO to your own AD users.

Setting up Enterprise SSO  is a more complex than Open SSO:

You will need:

  • A Brandkit Account.
  • A Microsoft Azure Account with Active Directory (Organization account, not personal).
  • To add Brandkit to your Azure AD (link)

The steps that you have to take:

  1. Login to your Azure account (as Azure Admin)
  2. Go to AD / Enterprise Applications / Add. Then, search for Brandkit.

3. Once found, select Brandkit and click ‘Sign up for Brandkit’ link.

4. Choose again which account you wish to setup/use.

Note: This will only work for Organization Accounts

(Note:  You will see this error message if you do not use an Organization Account)

5. Grant Brandkit permission to access the user profiles in your AD by clicking the Accept button.

6. All done from your side!

The Brandkit AD application is added to your AD, the Confirmation Page (shown below) will be displayed, and we will receive an email notification along with your Tenant ID generated by Microsoft.

Brandkit support will then add your Tenant ID to your account configuration in Brandkit. 

Please allow us some time to process this.

7.  Now, If you go to your Microsoft Azure application’s page (https://myapps.microsoft.com), you will see that Brandkit is already there :).

However, If you try to use it before we finish our setup (added your Tenant ID to your account configuration), you will see the same confirmation page  (as shown above). 

If you do it after we finish our setup. Your user will be logged in and be able to use your Brandkit! 

You can now spread the word to all the other users in your organization. 

Welcome aboard.

:)

Did this answer your question?