Portal SSO Login
The Admin Portal manages Single Sign-On (SSO) via Auth0, which simplifies the authentication process for our clients and allows us to integrate via a variety of SSO providers.
Overview
Enterprise Connections: Auth0 allows us to create enterprise connections, which enable users to log in using their company's identity provider (IdP).
Currently, we support all enterprise connection methods supported by Auth0. The two most popular are SAML and OIDC, both of which are very easy to set up.
New Connections
When setting up a new connection, we will provide you with the following values, depending on which protocol you are using:
- SAML:
  - Reply URL
  - Entity ID
- OIDC:
  - Callback URL
You will then need to configure these values in your IdP according to the protocol you are using. Once configured, you will need to provide us with the following information, depending on the protocol:
- SAML:
  - Sign-in URL
  - X509 Signing Certificate
- OIDC:
  - Front Channel:
    - OpenID Connect Discovery URL
    - Client ID
  - Back Channel:
    - OpenID Connect Discovery URL
    - Client ID
    - Client Secret
Provisioning SSO Users
When a new SSO user logs in for the first time, the user will be automatically provisioned into the Admin Portal database. It is recommended that you expose each user's first and last name, along with the role you wish the user to have, in their claims/authorizations so we can properly populate this data in our database. It is recommended to expose these values with the following names:
- first_name
- last_name
- role
Role Mapping
The Brightwell Admin Portal has two roles that users can be assigned:
- User (read-only access)
  - Role: readyremit_csr
- Admin (full admin access with the ability to perform actions)
  - Role: readyremit_admin
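
Because the role claim decides whether a provisioned user gets read-only or full admin access, it is worth checking what your IdP actually emits before the first real login. The following is an added example, not Brightwell's or Auth0's code: the `check_claims` function, the strict case-sensitive single-string match, and the sample claim sets are assumptions for illustration.

```python
# Added example: pre-flight check of the claims an IdP test login returns.
# Claim names and role values are from this page; strict, case-sensitive
# single-string matching is an assumption about what the portal expects.

NAME_CLAIMS = ("first_name", "last_name")
PORTAL_ROLES = {
    "readyremit_csr": "User (read-only access)",
    "readyremit_admin": "Admin (full admin access)",
}


def check_claims(claims):
    """Return a list of problems in a decoded claims/attributes dict."""
    problems = []
    for name in NAME_CLAIMS:
        value = claims.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{name}: missing or empty")

    role = claims.get("role")
    if role is None:
        problems.append("role: missing")
    elif not isinstance(role, str):
        # IdPs often emit group or role claims as arrays.
        problems.append(f"role: expected one string, got {type(role).__name__}")
    elif role not in PORTAL_ROLES:
        near = role.strip().lower() in PORTAL_ROLES
        hint = " (differs only by case or whitespace)" if near else ""
        problems.append(f"role: {role!r} is not a portal role{hint}")
    return problems


# Constructed sample claim sets (not real users or real IdP output).
SAMPLES = {
    "ok_admin": {"first_name": "Ada", "last_name": "Lopez", "role": "readyremit_admin"},
    "wrong_case": {"first_name": "Ada", "last_name": "Lopez", "role": "ReadyRemit_Admin"},
    "group_array": {"first_name": "Ada", "last_name": "", "role": ["readyremit_csr", "staff"]},
    "idp_defaults": {"given_name": "Ada", "family_name": "Lopez"},
}

if __name__ == "__main__":
    for label, claims in SAMPLES.items():
        issues = check_claims(claims)
        print(f"{label}: {'OK' if not issues else '; '.join(issues)}")
```

Run it against the claims shown by your IdP's test-login or token-preview tool; an empty result means the three names and the role value match what this page lists.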
