Configuring login with SSO

Notice

For Bravura Safe product administrators.

Many organizations that want to use federated authentication already have a solution in place, for example Azure, Okta or Google. These organizations require all applications, including Bravura Safe, to authenticate with their current identity provider (IdP).

Bravura Safe can be configured to operate as a service provider, accepting third-party authentication assertions from a trusted IdP using SAML 2.0. This also provides the ability to use 'just-in-time' account provisioning with SSO.

Authentication and decryption are separated when logging in with SSO. Your IdP will not have access to the decryption key (a user's master password) needed to decrypt your safe data.

Best practice

Bravura Security recommends that, if your company uses enterprise SSO and enforces multi-factor authentication (MFA) through your identity provider (IdP), you do not additionally enforce enterprise two-step login within Bravura Safe, so that the login process stays streamlined for users. Individual member two-step login will still apply to SSO logins if configured, unless you have the "Bypass personal two-step login when using SSO" policy enabled.

Warning

Bravura Safe does not support IdP-initiated SSO login. When using federated authentication, you cannot trigger the login session from the Identity Provider side; you can only do this from the Bravura Safe side (the Service Provider).
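The following added example is a generic SAML 2.0 illustration of the SP-initiated-only behavior described in the warning above; it is not Bravura Safe's code. It shows how a service provider can reject an unsolicited (IdP-initiated) Response by requiring `InResponseTo` to match an AuthnRequest it issued. The function names, the pending-request set and the sample XML are assumptions constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}


def accept_sp_initiated(response_xml, pending_request_ids):
    """Return the matched AuthnRequest ID, or raise ValueError.

    pending_request_ids is the set of AuthnRequest IDs this SP has issued
    and not yet consumed (hypothetical session store).
    Signature, issuer, audience and time checks are out of scope here and
    must still be performed by a real SP before trusting the assertion.
    """
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response")
    request_id = root.get("InResponseTo")
    if not request_id:
        # No InResponseTo means the IdP started the flow on its own.
        raise ValueError("unsolicited (IdP-initiated) response rejected")
    if request_id not in pending_request_ids:
        raise ValueError("InResponseTo matches no pending AuthnRequest")
    confirmations = root.findall(".//saml:SubjectConfirmationData", NS)
    if not confirmations:
        raise ValueError("no SubjectConfirmationData")
    for scd in confirmations:
        if scd.get("InResponseTo") != request_id:
            raise ValueError("SubjectConfirmationData does not echo the request ID")
    pending_request_ids.discard(request_id)  # one-time use: blocks replay
    return request_id


def sample_response(request_id=None):
    """Constructed, unsigned sample Response for demonstration only."""
    attr = f' InResponseTo="{request_id}"' if request_id else ""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="_resp1" Version="2.0"{attr}><saml:Assertion ID="_a1" Version="2.0">'
        '<saml:Subject><saml:SubjectConfirmation '
        'Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f"<saml:SubjectConfirmationData{attr}/></saml:SubjectConfirmation>"
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )


if __name__ == "__main__":
    pending = {"_req-constructed-1"}
    print(accept_sp_initiated(sample_response("_req-constructed-1"), pending))
```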