What options do I have for signing in to Brex?
Brex email and password
When signing into either your Brex dashboard on the web or the Brex app on mobile, you have the option to manually enter the email address and password associated with your Brex account.
If you have problems signing in this way, please read I’m having trouble logging into my account.
Brex allows your team to utilize an SSO with your Identity Provider (IdP) by leveraging OpenID Connect (OIDC) or Security Assertion Markup Language (SAML). Brex’s SSO integration provides a seamless way to sign in with your own IdPs and also eliminates the need for employees to enter credentials to prove their identities repeatedly. After the initial setup effort, SSO gives you more control to easily turn off employee access, greater security in a remote-first world, and better speed and efficiency with Brex.
To use SSO with Brex, you will need:
An Identity Provider (IdP) to facilitate SSO that supports either OpenID Connect (OIDC) or SAML protocol such as Okta, OneLogin, Google Workplace, etc.
A technical point-of-contact who can provide Brex engineers with the following SSO configuration information:
For OIDC configurations:
A customer’s Client ID and Client Secret
A customer’s OIDC domain URL where the /.well-known/openid-configuration endpoint is hosted
Employee email domain
For SAML configurations:
Identity Provider Single Sign-On URL
Identity Provider Issuer
(Optional) IDP metadata XML file
You can connect your SSO to Brex by following the instructions in either How do I enable OpenID Connect (OIDC) SSO? or How do I enable Security Assertion Markup Language (SAML) SSO?.
Enterprise IdP login
The Enterprise IdP login gives your employees the option to sign into their Brex account using Google or Microsoft logins. Any admin on your account can enable this feature in their dashboard by clicking your name in the top right corner and going to Settings > SSO settings. Here, you can toggle Enable logins with Google and Microsoft on or off.
Note: This feature isn’t available if you’re using a dedicated SSO already.
Once turned on, your employees will be able to Sign in with Google or Sign in with Microsoft on the Brex sign in page. (Prior to an admin enabling these features, clicking either button will result in an error message.) This will work so long as the email address they use for Google or Microsoft matches the email address of their Brex account.
You can use 1Password to allow multiple users to access your Brex account.
Step 1: Install 1Password as a browser extension. Store the username/password.
Step 2: Edit your 2FA method from within the Brex dashboard and choose Authentication app. To change your 2FA method, view How do I use two-factor authentication to log in?.
Step 3: Go to this link and follow the steps under To save your QR code using 1Password in your browser.
Step 4: Use 1Password as your 2FA authenticator (instead of Google Authenticator) for the same username.
Step 5: The next time you or another user signs in, 1Password will auto-generate and fill TOTP–or you can see and copy the TOTP code from the browser extension. This user credential can be shared with coworkers via 1Password.