Learn about Single Sign-On (SSO) options available with MindBridge. This document is intended for IT professionals who manage SSO for their organization.
If your firm uses Microsoft Office 365, Microsoft Azure Active Directory (AD), or Google G Suite, you can use your existing work account to sign in to MindBridge without setting up a password. No special configuration is required in MindBridge.
In the background, MindBridge uses the OpenID Connect protocol to authenticate with these providers. MindBridge can also integrate with other OpenID Connect providers such as Okta with some additional configuration.
MindBridge does not support the SAML protocol. Automated user provisioning is also not supported at this time. A user with the App Admin role will need to invite users into the system via the UI.
Customers can limit the email domains and authentication mechanisms used to access their MindBridge tenant. We recommend that once the SSO integration is tested and validated by the customer, customers contact MindBridge to set up domain restrictions and configure the organization's SSO provider as the only allowed authentication mechanism.
No special configuration is required for integration with G Suite.
Microsoft Azure AD (AAD) / Microsoft Office 365
As long as your users exist in AAD either directly or via federation (e.g. ADFS), and their email addresses in Azure AD match the email addresses used to invite them to MindBridge, they will be able to sign in.
Many organizations have AAD configured to require administrator consent in order to allow authentication. Azure AD administrators can navigate directly to https://login.mindbridge.ai/idp/microsoft/consent to initiate the process. Microsoft will prompt the administrator to consent on behalf of the organization to allow the app to use SSO.
Some organizations use AAD app restrictions to control which users can authenticate to an app in AAD. If this is the case with your organization, an Azure AD admin may need to grant a security group access to the application (bd8005bc-f19b-4cec-a17b-2ce640880eba), and add your MindBridge users to it, so members can log in.
Administrators can immediately configure and test Azure AD integration using the steps above. No additional configuration is required in the MindBridge app.
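The group assignment and email-match requirements described above can be applied and checked from Microsoft Graph PowerShell. This is an added example, not MindBridge's own tooling. The group name and invite list are constructed placeholders, and checking both mail and userPrincipalName is an assumption about which address was used for the invitation.

```powershell
# Added example (not MindBridge code). Requires the Microsoft.Graph PowerShell module.
$appId     = 'bd8005bc-f19b-4cec-a17b-2ce640880eba'    # application ID given on this page
$groupName = 'MindBridge Users'                         # hypothetical security group name
$invited   = @('alice@example.com', 'bob@example.com')  # constructed sample invite list

Connect-MgGraph -Scopes 'Application.Read.All','AppRoleAssignment.ReadWrite.All','Group.Read.All','User.Read.All'

# The service principal appears in the tenant only after admin consent has been completed.
$sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"
if (-not $sp) { throw "No service principal for $appId; complete admin consent first." }
"Assignment required for sign-in: $($sp.AppRoleAssignmentRequired)"

$group = @(Get-MgGroup -Filter "displayName eq '$groupName'")
if ($group.Count -ne 1) { throw "Expected exactly one group named '$groupName', found $($group.Count)." }
$group = $group[0]

# Use an enabled user-assignable app role if the app defines one, else the default access role (all zeros).
$role   = $sp.AppRoles | Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' } | Select-Object -First 1
$roleId = if ($role) { $role.Id } else { [Guid]::Empty.ToString() }

# Assign the group to the application only if it is not already assigned.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object PrincipalId -eq $group.Id
if (-not $existing) {
    New-MgGroupAppRoleAssignment -GroupId $group.Id -PrincipalId $group.Id `
        -ResourceId $sp.Id -AppRoleId $roleId | Out-Null
    "Assigned '$groupName' to the application."
}

# Report invited addresses that have no matching directory user or are not direct group members.
# Group-based app assignment does not extend to nested groups, so only direct members count.
$memberIds = @((Get-MgGroupMember -GroupId $group.Id -All).Id)
foreach ($email in $invited) {
    $user = Get-MgUser -Filter "mail eq '$email' or userPrincipalName eq '$email'" | Select-Object -First 1
    [pscustomobject]@{
        Email       = $email
        InDirectory = [bool]$user
        InGroup     = [bool]($user -and ($memberIds -contains $user.Id))
    }
}
```

Rows with InDirectory or InGroup set to False identify invited users who will not be able to sign in until the address mismatch or missing group membership is corrected.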
In order to integrate with Okta, your MindBridge Customer Success Manager will need to know your Okta URL, like https://example.okta.com, and the email domain used by your users.
Additional security restrictions
Customers can limit the email domains and authentication mechanisms used to access their MindBridge tenant. We recommend that once the SSO integration is tested and validated by the customer, customers contact MindBridge to set up domain restrictions and disable password login. Your MindBridge Customer Success Manager will need to know the email domain(s) used by your user population.