Enabling Federated SSO for BrightTALK Central

BrightTALK Central can be configured to enforce federated Single Sign-On via your Identity provider (IdP).  This will enable you to control which users have Channel Manager or Owner access to your Account.  We support two methods for SSO: SAML or OIDC (OAuth).  Please see the below table of contents for information on how to get started:

SSO considerations and best practices

  • Check that all your current BrightTALK Channel Manager/Owners are set up with SSO credentials in your IdP - any users not present in both locations with exact match email addresses will lose access upon deploying SSO.
  • Note: since the Channel Manager permission itself is still controlled within BrightTALK Central, we recommend just provisioning all users in your IdP to have access to BrightTALK for simplicity.
  • Do not use a sandbox instance. A testing step is included in the setup process to ensure that SSO activates successfully before you deploy.

  • If your company has multiple BrightTALK Central Accounts, please make sure to identify all Accounts that will need SSO so we can provision accordingly.

  • In order to expedite the setup process, we recommend that you be both a Channel Manager/Owner in BrightTALK Central and an Admin in your IdP.

Setup instructions for SAML

  1. First, submit a ticket with the subject line “Please enable SAML SSO for [your company name]”.  In the ticket, please provide a link to your BrightTALK Central Account(s).

  2. We will then provide you with a domain URL to use for the setup in your IdP.

  3. In your IdP, you’ll need to generate a metadata XML file with a minimum of three attributes: email, family name, and given name. 

  4. We also strongly recommend provisioning a test user for BrightTALK in your IdP- I.e.BrightTALKTest@[yourdomain].com.  This will allow us to verify the setup is working without risking any potential disruptions for your users.  Once we are done with this verification step, you can delete that user.

  5. Using the same support ticket you submitted earlier, please share that metadata XML file and (if using) the email and password for the test user.

  6. We will then complete the set-up on our side and confirm when it is implemented successfully.

Setup instructions for OIDC (OAuth)

  1. First, submit a ticket with the subject line “Please enable OIDC SSO for [your company name]”.  In the ticket, please provide a link to your BrightTALK Central Account(s).

  2. We will then provide you with a domain URL to use for the setup in your IdP.

  3. You should then create the app for us to authenticate with.  We also strongly recommend provisioning a test user for BrightTALK in your IdP- I.e.BrightTALKTest@[yourdomain].com.  This will allow us to verify the setup is working without risking any potential disruptions for your users.  Once we are done with this verification step, you can delete that user.

  4. Using the same support ticket you submitted earlier, please provide the client id, client secret, issuer URL, and (if using) the email and password for the test user.

  5. We will then complete the set-up on our side and confirm when it is implemented successfully.

 

FAQs

Q: If I enable SSO, do my Channel Managers still need to be BrightTALK users?

Yes- anyone who needs to access BrightTALK Central, regardless of whether they are in your IdP, must create a free BrightTALK account by going to brighttalk.com/join

Q: Can I directly provision Channel Managers from my IdP?

No- Channel Managers still need to be added from the Settings area of BrightTALK Central.

Q: Once I enable SSO, what happens if one of my Channel Managers tries to log in using their BrightTALK User name and password?

They will be redirected to your IdP's login page.

Q: Does this impact presenters or audience members?

No- anyone accessing a webinar either to present or register/view the webinar is not required to go through SSO.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request