
Single Sign On with BrightonID - Azure Active Directory

Instructions for enabling Single Sign-On (SSO) with BrightonID and Azure Active Directory (now Microsoft Entra ID) so your users can log in to the Brighton Customer Hub and other services.

Below are the instructions for adding your organization's Azure AD (Microsoft Entra ID) Single Sign-On to BrightonID. At the end of the document there is a link for sending the required information to our support team so they can enable it.


  1. Sign in to the Microsoft Entra admin center with an account that can create app registrations and grant admin consent.
  2. Click Entra ID.
  3. Click Enterprise applications.
  4. Click New application.
  5. Click Create your own application.
  6. Enter "BrightonID - Brighton Science" as the application name.
  7. Select Register an application to integrate with Azure AD (App you are developing). Newer versions of the portal label this option "...integrate with Microsoft Entra ID".
  8. Under Supported account types, select the top option, Accounts in this organizational directory only. This keeps the registration single-tenant, so only accounts in your own tenant can sign in through it.
  9. For the Redirect URI, you need to add two URIs. Enter each one exactly as shown; Entra ID only redirects to URIs that match exactly, so a typo breaks the login, and any extra URI you add is another place an authorization response can be sent.
    1. Select "Web" and enter: https://login.brighton-science.com/login/callback
    2. Select "Web" and enter: https://clerk.brighton-science.com/v1/oauth_callback
  10. Click Register.
  11. Go to Entra ID, then App registrations, and open your new application.
  12. Take note of the Application (client) ID; you will need it later.
  13. Click Certificates & secrets.
  14. Click + New client secret.
  15. Name the secret and set its expiry. We recommend 24 months, which is the longest the portal allows. Record the expiry date: when the secret expires, sign-in stops until you create a new secret and send it to our support team. Then click Add.
  16. Copy the Value field and keep it safe; you will need this "Secret" later. The value is shown only once. If you lose it, delete that secret and create a new one rather than leaving an unused secret in place.
  17. Go to API permissions.
  18. Click Add a permission.
  19. Click Microsoft Graph.
  20. Click Delegated permissions.
  21. Search for and select Directory.Read.All, then click Add permissions.
  22. Click Grant admin consent for <your organization> and confirm. Directory.Read.All is a tenant-wide read permission, which is why it requires admin consent; the consent applies only to this application.

  23. With that complete, send us the information we need to enable your Single Sign-On:

    REQUIRED INFO:
    1. Client ID (example: 9cb7e54e-c1fe-483c-8286-750b11cf4ce0)
      1. The Application (client) ID you noted in step 12.
    2. Client Secret (example: MgR8Q~gBK12yW.~pCOsKvEtydyDda82hg7axFawc)
      1. The secret value you copied in step 16. Treat it as a credential: send it only through the support link, never in an unencrypted e-mail or a chat message. If it is ever exposed, delete it under Certificates & secrets, create a new one and send us the replacement.
    3. Microsoft Azure AD Domain (example: btglabsgcc.onmicrosoft.com)
      1. Your primary tenant domain in Entra ID, which can differ from your e-mail domain.
    4. Email Domain(s) (example: brighton-science.com, btglabs.com)
      1. The e-mail domains your users sign in with. We use the domain of the address a user enters to recognize them as part of your organization and route them to your Entra ID login, so list every domain your users may use, and only those.

    OPTIONAL INFO (you can include all, none or some of these):

    1. Logo URL: a full URL to a PNG file of your company logo
    2. Primary Branding Color (in hex, e.g. #0059d6)
    3. Login Page Background Color (in hex, e.g. #0059d6)

Our support team will configure your environment and reach out for you to test and complete the process.
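Before sending the values above, it is worth checking that the registration really matches steps 8, 9, 15-16 and 17-22, since a wrong audience, a stray redirect URI or an expired secret only shows up later as a failed login. The script below is an added example written for this guide, not code from BrightonID or from the original page. It inspects the application object in the shape Microsoft Graph (GET /applications/{id}) and recent Azure CLI versions (az ad app show --id <client-id>) return. The constants for the two redirect URIs and the 24-month limit come from the guide; the Microsoft Graph app id and the delegated Directory.Read.All permission id are the values Microsoft publishes, and the docstring shows the az query to confirm the latter in your tenant. The sample manifest is constructed, not taken from a real tenant. Admin consent (step 22) is recorded on the service principal rather than in this object, so the script does not check it.

```python
"""Pre-flight check of the Entra app registration before its values go to support.

Added example for this guide, not BrightonID code. Confirm the delegated
Directory.Read.All id in your own tenant with:
  az ad sp show --id 00000003-0000-0000-c000-000000000000 \
    --query "oauth2PermissionScopes[?value=='Directory.Read.All'].id"
"""
import json
import re
import sys
from datetime import datetime, timedelta, timezone
from typing import List, Optional

EXPECTED_REDIRECT_URIS = {                                   # step 9, from the guide
    "https://login.brighton-science.com/login/callback",
    "https://clerk.brighton-science.com/v1/oauth_callback",
}
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"        # Microsoft Graph resource app id
DIRECTORY_READ_ALL_SCOPE_ID = "06da0dbc-49e2-44d2-8312-53f166ab848a"  # delegated scope id (verify, see docstring)
MAX_SECRET_LIFETIME = timedelta(days=730)                     # 24 months, the portal maximum
CHECK_TIME = datetime(2026, 1, 1, tzinfo=timezone.utc)        # fixed "now" so the sample run is reproducible


def _parse_graph_time(value: str) -> datetime:
    """Graph timestamps look like 2027-01-01T00:00:00.1234567Z; drop fractions fromisoformat may reject."""
    return datetime.fromisoformat(re.sub(r"\.\d+", "", value).replace("Z", "+00:00"))


def check_app_manifest(app: dict, now: Optional[datetime] = None) -> List[str]:
    """Return findings; an empty list means the registration matches the guide."""
    now = now or datetime.now(timezone.utc)
    findings: List[str] = []

    # Step 8: single tenant. Any other audience lets accounts from other tenants sign in.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append(f"signInAudience is {app.get('signInAudience')!r}, expected 'AzureADMyOrg'")

    # Step 9: exactly the two HTTPS Web redirect URIs. Every extra URI is another place an
    # authorization response may be delivered, so extras are findings, not just warnings.
    uris = set(app.get("web", {}).get("redirectUris", []))
    for uri in sorted(uris - EXPECTED_REDIRECT_URIS):
        findings.append(f"unexpected redirect URI {uri}")
    for uri in sorted(EXPECTED_REDIRECT_URIS - uris):
        findings.append(f"missing redirect URI {uri}")
    for uri in sorted(uris):
        if not uri.startswith("https://"):
            findings.append(f"redirect URI is not HTTPS: {uri}")
    if app.get("spa", {}).get("redirectUris") or app.get("publicClient", {}).get("redirectUris"):
        findings.append("SPA or mobile/desktop redirect URIs are set; the guide uses the Web platform only")

    # Steps 15-16: a secret that is valid now and does not outlive the 24-month limit.
    creds = app.get("passwordCredentials", [])
    if not creds:
        findings.append("no client secret configured")
    for cred in creds:
        name = cred.get("displayName") or cred.get("keyId")
        remaining = _parse_graph_time(cred["endDateTime"]) - now
        if remaining <= timedelta(0):
            findings.append(f"client secret {name!r} has expired")
        elif remaining > MAX_SECRET_LIFETIME:
            findings.append(f"client secret {name!r} lasts longer than 24 months")
        elif remaining < timedelta(days=30):
            findings.append(f"client secret {name!r} expires within 30 days; rotate it and send the new value")

    # Steps 17-22: delegated (type "Scope") Directory.Read.All on Microsoft Graph and nothing broader.
    graph = [r for r in app.get("requiredResourceAccess", []) if r.get("resourceAppId") == GRAPH_APP_ID]
    access = [a for r in graph for a in r.get("resourceAccess", [])]
    if not any(a["id"] == DIRECTORY_READ_ALL_SCOPE_ID and a["type"] == "Scope" for a in access):
        findings.append("delegated Directory.Read.All on Microsoft Graph is not requested")
    for a in access:
        if a["type"] == "Role":
            findings.append(f"application permission {a['id']} is requested; the guide asks for delegated only")
    return findings


# Constructed sample, not a real tenant: it follows most of the guide but has three mistakes.
SAMPLE_APP = {
    "appId": "9cb7e54e-c1fe-483c-8286-750b11cf4ce0",
    "displayName": "BrightonID - Brighton Science",
    "signInAudience": "AzureADMultipleOrgs",                  # step 8 not followed
    "web": {"redirectUris": [
        "https://login.brighton-science.com/login/callback",
        "http://localhost:3000/callback",                      # stray URI; the clerk URI is also missing
    ]},
    "passwordCredentials": [{"displayName": "brightonid-sso",
                             "keyId": "11111111-1111-1111-1111-111111111111",
                             "endDateTime": "2027-01-01T00:00:00Z"}],
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
                                "resourceAccess": [{"id": DIRECTORY_READ_ALL_SCOPE_ID, "type": "Scope"}]}],
}


def run_sample() -> List[str]:
    """Check the constructed sample at the fixed CHECK_TIME."""
    return check_app_manifest(SAMPLE_APP, now=CHECK_TIME)


if __name__ == "__main__":
    # Usage: az ad app show --id <client-id> > app.json && python check_app.py app.json
    app = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_APP
    for finding in (check_app_manifest(app) if len(sys.argv) > 1 else run_sample()):
        print(" -", finding)
```

Run against the sample it reports four findings (the multi-tenant audience, the stray localhost URI, the missing clerk URI, and the non-HTTPS URI); fix those and it reports nothing. Against your real registration, an empty result means the values you are about to send describe a registration set up as this guide describes.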

 

  1. After setup is complete, your users will see our standard login page. Once they enter an e-mail address on one of the domains you gave us, the page removes the password field.
  2. When they click "Log In", they will either:
    1. be logged in automatically (if they already have an active Entra ID session, per your tenant settings), or
    2. see your Entra ID login screen and sign in there.
  3. After login they are directed to the Brighton Science resource.