SSO Setup
The Admin Portal manages Single Sign-On (SSO) via Auth0, which simplifies the authentication process for our clients and allows us to integrate with a variety of SSO providers.
Overview
Auth0 allows us to create enterprise connections, which enable users to log in using their company's identity provider (IdP).
Currently, we support all enterprise connection methods supported by Auth0. The two most popular are SAML and OIDC, both of which are very easy to set up.
Role Mapping
There are three roles available for user mapping:
| Role | Description |
|---|---|
| readyremit_admin | Admin |
| readyremit_finance | Finance |
| readyremit_csr | CSR |
Connection Setup
SAML
Information We Provide
Brightwell will provide the following details for both sandbox and production environments:
| Field | Value |
|---|---|
| Identifier | urn:auth0:readyremit:<connection-name> |
| Reply URL | https://login.brightwell.com/login/callback?connection=<connection-name> |
| Logout URL | https://login.brightwell.com/logout |
Information We Receive
Customers will provide:
- A login URL
- An x509 certificate

These are used to create the enterprise connection in Auth0.
Post-Connection Steps
- Enable Home Realm Discovery on the connection and set the URL.
- In the Applications tab, enable the following for the target environment:
  - Brightwell SPA app
OIDC
Information We Receive
Customers provide an OIDC discovery URL. We use this to create the enterprise connection and then inspect the JSON response from the URL to determine whether the requested scopes need to be updated to include the scope for the user role.
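One way to script the discovery-document inspection described above, as an added example that is not Brightwell's or Auth0's own code. The role scope names `roles` and `groups`, the baseline scopes, and the `idp.example.com` sample are assumptions; substitute the scope the customer's IdP actually defines for the user role.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
BASE_SCOPES = ["openid", "profile", "email"]  # assumed baseline, not from the page
ROLE_SCOPES = ["roles", "groups"]             # hypothetical role scope names

def review_discovery(discovery_url, doc):
    """Return (scopes_to_request, findings) for one IdP discovery document."""
    findings = []
    if urlsplit(discovery_url).scheme != "https":
        findings.append("discovery URL is not https")
    # OIDC Discovery: the issuer must be the discovery URL minus the
    # well-known suffix (a trailing slash is tolerated here); a mismatch
    # means the metadata may describe a different IdP.
    expected = (discovery_url[:-len(WELL_KNOWN)]
                if discovery_url.endswith(WELL_KNOWN) else None)
    if str(doc.get("issuer", "")).rstrip("/") != expected:
        findings.append("issuer does not match discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(doc.get(key, ""))).scheme != "https":
            findings.append(f"{key} missing or not https")
    # scopes_supported is not a required field, so default to empty.
    supported = doc.get("scopes_supported", [])
    scopes = [s for s in BASE_SCOPES if s == "openid" or s in supported]
    role_scope = next((s for s in ROLE_SCOPES if s in supported), None)
    if role_scope:
        scopes.append(role_scope)  # the connection's scopes need this added
    else:
        findings.append("no role scope advertised; confirm role claim with customer")
    return scopes, findings

# Constructed sample input, not a real customer IdP.
SAMPLE_URL = "https://idp.example.com/.well-known/openid-configuration"
SAMPLE_DOC = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/authorize",
  "token_endpoint": "https://idp.example.com/token",
  "jwks_uri": "https://idp.example.com/keys",
  "scopes_supported": ["openid", "profile", "email", "groups"]
}""")

if __name__ == "__main__":
    scopes, findings = review_discovery(SAMPLE_URL, SAMPLE_DOC)
    print("request scopes:", " ".join(scopes))
    print("findings:", findings or "none")
```

An empty findings list means the metadata is self-consistent; it does not replace confirming with the customer which claim carries the role value.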
Information We Provide
Provide the customer with the following details for both sandbox and production environments:
| Field | Value |
|---|---|
| Reply URL | https://login.brightwell.com/login/callback |
| Logout URL | https://login.brightwell.com/logout |
Note: The Reply URL for OIDC does not require a `connection` query parameter.
