SSO integration guide

Brex allows your team to utilize an SSO with your Identity Provider (IdP) by leveraging OpenID Connect (OIDC) or Security Assertion Markup Language (SAML).

Step 1: Benefits

Brex’s SSO integration provides a seamless way to sign in with your own IdPs and also eliminates the need for employees to enter credentials to prove their identities repeatedly. After the initial setup effort, SSO gives you:

  • More control to easily turn off employee access

  • Greater security in a remote-first world

  • Greater speed and efficiency with Brex

Step 2: Requirements

To use SSO with Brex, you will need:

  • An Identity Provider (IdP) to facilitate SSO that supports either OpenID Connect (OIDC) or SAML protocol such as Okta, OneLogin, Google Workplace, etc.

  • A technical point-of-contact who can provide Brex engineers with the following SSO configuration information:

    • For OIDC configurations:

      • A customer’s Client ID and Client Secret

      • A customer’s OIDC domain URL where the /.well-known/openid-configuration endpoint is hosted

      • Employee email domain

    • For SAML configurations:

      • Identity Provider Single Sign-On URL

      • Identity Provider Issuer

      • X.509 Certificate

      • (Optional) IDP metadata XML file

Step 3: Setup instructions

Currently, there is no self-service onboarding flow. Please contact Brex Support to connect to SSO using the appropriate instructions linked below.

When exchanging SSO configuration data, Brex Support will provide a SendSafely link, which lets you safely exchange encrypted files and information directly with Brex.

Was this article helpful?


Still can't find what you're looking for?

Chat with us->