How to Configure SAML 2.0 for BrainStorm QuickHelp

Contents

• Supported Features
• Configuration Steps
• Notes

---

Supported Features

The Okta/Brainstorm QuickHelp SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO
• JIT (Just In Time) Provisioning

---

Configuration Steps

1. Contact BrainStorm support and request that they enable SAML for your organization.

2. Copy and save the following IdP Metadata show below with the filename metadata.xml.

   Sign into the Okta Admin dashboard to generate this value.

3. Attach the file you saved in step 2 to the email message.

4. BrainStorm will process your request. When you receive a confirmation that SAML is enabled, you can start assigning users to the application.

5. The BrainStorm QuickHelp application is pre-configured to pass the groups as part of the SAML assertion. In order to send user groups as part of the SAML assertion:

   • In OKTA, select the Sign On tab for the BrainStorm QuickHelp app, then click Edit.

   • Select your preferred group filter from the Group dropdown list (the Regex rule with the value ".*" in order to send *all* groups to the BrainStorm QuickHelp instance we used in our example) for the attribute.

   • Click Save.

   

6. Done!

---

Notes

The following SAML attributes are supported:

Okta sends the following default attributes as part of the SAML assertion:

Name	Value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname	user.firstName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname	user.lastName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress	user.userName
Department	user.department
Title	user.title
Group	This is configured in the app UI; see group attribute instructions above.

In addition to the default attributes, Okta supports the following custom attributes:

Name	Value
UserID	appuser.userId
Company	appuser.company
Location	appuser.location
Platform	appuser.platform
Custom1	appuser.custom1
Custom1	appuser.custom2
Custom1	appuser.custom3

Here is an example describing how to add and use the additional company attribute.

1. In Okta, navigate to Directory > Profile Editor.

2. Search for the BrainStorm QuickHelp app, then click Profile:



3. Click Add Attribute, then enter the following:

   1. Display Name: Enter a preferred attribute name. In our example, we used Company.

   2. Variable Name: company.

      Important: In our example we are adding the company attribute. You must use the following variables names for the custom attributes: userId, company, location, platform, custom1, custom2, and custom3.

   3. Click either Add Attribute or Save, and Add Another.

   Note: Scope (optional): If you check User personal, it means that the current attribute will be available once you assign the user to the BrainStorm QuickHelp application and will not be available once you assign the group to the app.

   

4. Click Map Attributes:

   

5. Select the Okta to BrainStorm QuickHelp tab.

6. Start typing the required attribute from the Okta Base User profile (or use the drop down list) and select the attributes you want to map.

7. In our example, we have selected the Organization< attribute, then use the green arrows (Apply mapping on user create and update).

8. Click Save Mappings:



9. Click Apply Updates Now:



10. Okta will now pass the Company attribute with the value of the Organization field from the Okta Base User Profile.

For SP-initiated SSO

1. Go to: https://quickhelp.com/Login

2. Enter your Email Address.

3. Click LOG IN: