Steps to configure SAML SSO for Branch
About Branch
Branch is a cloud-based visual collaboration platform designed to enhance teamwork, planning, and decision-making across various industries, including defense, architecture, media, and enterprise sectors. Branch offers a secure, scalable workspace that facilitates real-time collaboration among dispersed teams.
The following steps will help you enable SSO for Branch from Identity360.
Prerequisites
- The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications.
- Log in to Identity360 as an Admin, Super Admin, or Technician with a role that has Application Integration and Single Sign-on permissions.
- Navigate to Applications > Application Integration > Create New Application, and select Branch from the applications displayed.
Note: You can also find Branch from the search bar located at the top.
- Under the General Settings tab, enter the Application Name and Description.
- Under the Choose Capabilities tab, select Single Sign-on and click Continue.
- Under Integration Settings, navigate to the Single Sign On tab, and click IdP Details. Copy the Login URL, Entity ID, and Signing Certificate values, which will be used later during the configuration in Branch.
Branch (service provider) configuration steps
- Log in to Branch with an administrator's credentials.
- In the Branch Dashboard, navigate to Account > Settings > SSO.
- Enable SSO by toggling Enable SAML/SSO for your team.
- In the Branded Login Domain field, provide a valid domain name. This will usually be your company or product name. Copy this value to be used later during Identity360 configuration.
- In the Identity provider Entity ID field, paste the Entity ID value copied in step 6 of prerequisites.
- In the Identity provider SSO URL field, paste the Login URL value copied in step 6 of prerequisites.
- In the Public x509 certificate field, paste the Signing Certificate value copied in step 6 of prerequisites.
- Click Save.
Identity360 (identity provider) configuration steps
- Switch to Identity360's application configuration page.
- In the Sub Domain field, use the Branded Login Domain value copied in step 4 of Branch configuration. For example, if your Branded Login Domain URL is https://brigetoteck.dashboard.branch.io/, then brigetoteck will be your Sub Domain.
- Enter the Relay State parameter, if necessary.
Note: Relay State is an optional parameter used with a SAML message to remember where you were or to direct you to a specific page after logging in.
- Click Save.
- To learn how to assign users or groups to one or more applications, refer to this page.
Your users will now be able to sign in to Branch through the Identity360 portal.
Note: For Branch, both IdP- and SP-initiated flows are supported.
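A pre-flight check for the values copied between Identity360 and Branch in the steps above, added here as an example (it is not ManageEngine or Branch code). It assumes the `.dashboard.branch.io` suffix shown in the page's example URL; the function names and the sample data are constructed for illustration.

```python
import base64
import re
from urllib.parse import urlparse

BRANCH_SUFFIX = ".dashboard.branch.io"  # assumption: taken from the page's example URL
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # exactly one DNS label
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def sub_domain(branded_login_url):
    """Derive the Identity360 Sub Domain from the Branded Login Domain URL."""
    host = (urlparse(branded_login_url).hostname or "").lower()
    label = host[: -len(BRANCH_SUFFIX)]
    if not host.endswith(BRANCH_SUFFIX) or not LABEL.match(label):
        raise ValueError("not a single-label Branch dashboard URL: %r" % branded_login_url)
    return label

def login_url_problems(url):  # the Login URL carries authentication traffic: require https
    p = urlparse(url)
    return [] if p.scheme == "https" and p.hostname else ["Login URL is not https"]

def cert_problems(pem):
    """Structural check of a pasted Signing Certificate; [] means it looks intact."""
    m = PEM.search(pem)
    if not m:
        return ["missing BEGIN/END CERTIFICATE armor"]
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:
        return ["body is not valid base64"]
    if len(der) < 2 or der[0] != 0x30:  # X.509 is an ASN.1 DER SEQUENCE
        return ["not a DER SEQUENCE"]
    if der[1] & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = der[1] & 0x7F
        declared, header = int.from_bytes(der[2:2 + k], "big"), 2 + k
    else:
        declared, header = der[1], 2
    if declared != len(der) - header:
        return ["length mismatch: header declares %d, body has %d" % (declared, len(der) - header)]
    return []

# Constructed sample (filler bytes in a DER SEQUENCE wrapper, not a real certificate)
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

def to_pem(der):
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(sub_domain("https://brigetoteck.dashboard.branch.io/"), cert_problems(to_pem(SAMPLE_DER[:-40])))
```

The certificate check is structural only: it catches a truncated or mangled paste, not a wrong or expired certificate.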
Steps to enable MFA for Branch
Setting up MFA for Branch using Identity360 involves the following steps:
- Set up one or more authenticators for identity verification when users attempt to log in to Branch. Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
- Integrate Branch with Identity360 by configuring SSO using the steps listed here.
- Now, activate MFA for Branch by following the steps mentioned here.
How does MFA for applications work in Identity360?