Implement Single Sign-On (SSO)

Summary

Learn about the Single Sign-On (SSO) options available for use within the MindBridge platform.

This document is intended for IT professionals who manage SSO access for their organization.


SSO options

If your firm uses Microsoft Entra ID (formerly Azure Active Directory) or Google G Suite, you can use your existing work account to sign in to MindBridge without setting up a password. No special configuration is required.

In the background, MindBridge uses the OpenID Connect (OIDC) protocol to authenticate with these providers. MindBridge can also integrate with other OpenID Connect providers such as Okta with some additional configuration.

MindBridge does not support the SAML protocol. 

Customers can limit the email domains and authentication mechanisms used to access their MindBridge tenant. We recommend that once the SSO integration is tested and validated by the customer, customers contact MindBridge to set up domain restrictions and configure the organization's SSO provider as the only allowed authentication mechanism.

G Suite

No special configuration is required for integration with G Suite.

Microsoft Entra ID (formerly Azure AD) / Microsoft Office 365

As long as your users exist in Entra ID either directly or via federation (e.g. ADFS), and their email addresses in Entra ID match the email addresses used to invite them to MindBridge, they will be able to sign in.

Many organizations have Entra ID configured to require administrator consent in order to allow authentication. Entra ID administrators can navigate directly to https://login.mindbridge.ai/idp/microsoft/consent to initiate the process. Microsoft will prompt the administrator to consent on behalf of the organization to allow the app to use SSO.

Some organizations use Entra ID app restrictions to control which users can authenticate to an app in Entra ID. If this is the case with your organization, an Entra ID admin may need to grant a security group access to the application (bd8005bc-f19b-4cec-a17b-2ce640880eba), and add your MindBridge users to it, so members can log in.
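The group assignment described above can be scripted with the Microsoft Graph PowerShell SDK. This is an added example, not MindBridge's own tooling. It assumes the Microsoft.Graph module is installed, that administrator consent has already created the service principal in your tenant, and that the group name "MindBridge Users" (hypothetical) is replaced with your own.

```powershell
# Added example. Assumes the Microsoft.Graph module and an Entra ID administrator account.
$AppId     = 'bd8005bc-f19b-4cec-a17b-2ce640880eba'  # MindBridge application ID from this article
$GroupName = 'MindBridge Users'                       # hypothetical group name; use your own

Connect-MgGraph -Scopes 'Application.Read.All', 'AppRoleAssignment.ReadWrite.All', 'Group.Read.All'

# The service principal exists in the tenant only after the app has been consented to.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal for $AppId. Complete administrator consent first." }

# Refuse to continue on a missing or ambiguous group name.
$groups = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
if ($groups.Count -ne 1) { throw "Expected exactly one group named '$GroupName', found $($groups.Count)." }
$group = $groups[0]

# Use a user-assignable role if the app declares one; otherwise the default access role (all-zero GUID).
$role   = $sp.AppRoles | Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' } | Select-Object -First 1
$roleId = if ($role) { $role.Id } else { [Guid]::Empty.ToString() }

# Idempotent: skip the assignment if the group already has access.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalId -eq $group.Id }
if (-not $existing) {
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
        -PrincipalId $group.Id -ResourceId $sp.Id -AppRoleId $roleId | Out-Null
}

# Report whether the tenant restricts sign-in to assigned users and groups for this app.
"Assignment required for sign-in: $($sp.AppRoleAssignmentRequired)"
"Group '$GroupName' assigned to application $AppId"
```

Assigning a group (rather than individual users) to an application requires an Entra ID P1 or P2 license.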

Administrators can immediately configure and test Entra ID integration using the steps above. No additional configuration is required in the MindBridge app.

Entra ID can automatically provision users in your MindBridge tenant using an outbound SCIM integration. For more information, please refer to Implement user provisioning from Microsoft Entra ID using SCIM.

Okta

To integrate with Okta, your MindBridge Customer Success Manager will need to know your Okta URL (for example, https://example.okta.com) and the email domain used by your users.


Additional security restrictions

Customers can limit the email domains and authentication mechanisms used to access their MindBridge tenant. We recommend that once the SSO integration is tested and validated by the customer, customers contact MindBridge to set up domain restrictions and disable password login. Your MindBridge Customer Success Manager will need to know the email domain(s) used by your user population.

