Bright Funds SAML Single Sign-On (SSO) integration

This topic describes how to configure Bright Funds for Single Sign-On (SSO) in CyberArk Identity using SAML.

Trusted applications were developed by trusted sources and not certified by CyberArk. CyberArk provides limited support for this application.

Bright Funds SSO supported features

This application template supports the following features:

  • IdP-initiated SSO

  • SP-initiated SSO

  • Just-in-time (JIT) provisioning

You can choose only IdP-initiated SSO, only SP-initiated SSO, or both methods.

Before you begin

Make sure you have an account in Bright Funds with administrator access.

Configure the Bright Funds app template in the Identity Administration portal

Step 1: Add the Bright Funds web app template

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.


  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure Trust settings

  1. Go to the Trust tab.

  2. In the Identity Provider Configuration section, select Metadata, then click Download Metadata File to download the IdP metadata.

    This file is used later when you configure the SAML integration in Bright Funds.

  3. In the Service Provider Configuration section, select Manual Configuration, then enter the following values. Click Save after you finish.

    Service provider settings

    Setting: SP Entity ID
    Description: When you configure Bright Funds, copy the Account ID and paste it here. See Configure Bright Funds for SAML SSO.

    Setting: Assertion Consumer Service (ACS) URL
    Description: Obtain this value from the Bright Funds application. Go to Account Settings > Single sign-on. Copy the SAML endpoint URL.

Step 3: Configure permissions to grant Bright Funds users SSO access

Grant SSO access to Bright Funds users by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 4: Review and save

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Bright Funds for SAML SSO

Perform these steps in Bright Funds to configure the Bright Funds app template for SSO.

  1. Sign in to the Bright Funds application and go to the Single Sign-On Settings tab.

  2. Copy the Account ID and SAML endpoint URL. You need these values for the Service Provider Configuration in Configure the Bright Funds app template in the Identity Administration portal.

  3. Upload the IdP SAML metadata you downloaded from the Identity Administration portal.

  4. Click Save SSO.

Test the Bright Funds SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and Bright Funds, Bright Funds users can benefit from IdP-initiated or SP-initiated SSO.

To test IdP-initiated SSO:
  1. Sign in to CyberArk Identity with a user account that exists in both the Bright Funds application and CyberArk Identity.

  2. Click the Bright Funds application tile to launch Bright Funds in a new tab and automatically sign in.

To test SP-initiated SSO:
  1. Go to the Bright Funds SSO login URL.

  2. Enter the Bright Funds Account ID and click Log in to your account with SSO.

    After you successfully authenticate, you are redirected to the Bright Funds application.