Bright Funds SAML Single Sign-On (SSO) integration
This topic describes how to configure Bright Funds for Single Sign-On (SSO) in CyberArk Identity using SAML.
Bright Funds SSO supported features
This application template supports the following features:
-
IdP-initiated SSO
-
SP-initiated SSO
-
Just-in-time (JIT) provisioning
You can choose only IdP-initiated SSO, only SP-initiated SSO, or both methods.
Before you begin
Make sure you have an account in Bright Funds with administrator access.
Configure the Bright Funds app template in the Identity Administration portal
Step 1: Add the Bright Funds web app template
-
In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.
-
On the Search page, enter the application name in the Search field and click the search button.
-
Next to the application name, click Add.
-
On the Add Web App page, click Yes to confirm.
-
Click Close to exit the Application Catalog.
The application opens to the Settings page.
Step 2: Configure Trust settings
-
Go to the Trust tab.
-
In the Identity Provider Configuration section, select Metadata, then click Download Metadata File to download the IdP metadata.
This file is used later when you configure the SAML integration in Bright Funds.
-
In the Service Provider Configuration section, select Manual Configuration, then enter the following values. Click Save after you finish.
Service provider settings Setting Description SP Entity ID
When you configure Bright Funds, copy the Account ID and paste it here. See Configure Bright Funds for SAML SSO.
Assertion Consumer Service (ACS) URL
Obtain this value from the Bright Funds application. Go to Account Settings > Single sign-on. Copy the SAML endpoint URL.
Step 3: Configure permissions to grant Bright Funds users SSO access
Grant SSO access to Bright Funds users by assigning permissions to users, groups, or roles.
-
On the Permissions page, click Add.
-
Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.
The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.
-
Select the permissions you want and click Save.
Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.
Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.
Step 4: Review and save
Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.
Configure Bright Funds for SAML SSO
Perform these steps in Bright Funds to configure the Bright Funds app template for SSO.
-
Sign in to the Bright Funds application and go to the Single Sign-On Settings tab.
-
Copy the Account ID and SAML endpoint URL. You need this for the Service Provider Configuration in Configure the Bright Funds app template in the Identity Administration portal.
-
Upload the IdP SAML metadata you downloaded from the Identity Administration portal.
-
Click Save SSO.
Test the Bright Funds SSO configuration
Now that you have finished configuring the application template settings in the Identity Administration portal and Bright Funds, Bright Funds users can benefit from IP-initiated or SP-initiated SSO.
-
Sign in to CyberArk Identity with a user account that exists both the Bright Funds application and CyberArk Identity.
-
Click the Bright Funds application tile to launch Bright Funds in a new tab and automatically sign in.
-
Go to the Bright Funds SSO login URL.
-
Enter the BrightFunds Account ID and click Log in to your account with SSO.
After you successfully authenticate, you are redirected to the Bright Funds application.
