Brandfolder SAML Information

Increasing security and ease of use for all users is always top priority at Brandfolder. With SAML (Security Assertion Markup Language) we are able to easily implement a seamless authentication process for all users.


We are able to connect with any SAML 2.0 authentication provider. Below are some of the providers we have specific integrations and connectors with:

  • Azure
  • Okta
  • OneLogin
  • IBM

Through the Okta platform we have specific information in regards to initial set up. Click here to see the documentation.

Options for User Access:

  1. General Access Setting - When any user logs in through SAML they will automatically be given access to specific Brandfolders and/or Collections at a specific permission level.
  2. Team Access Settings - Some or all users are divided into specific teams (or departments) to allow for different privacy levels across different Brandfolders and/or Collections.
  3. Custom Access - An administrator of the organization is able to add a user to a specific Brandfolder and/or Collection outside of the traditional team/general access granted.

Attributes for User Profiles 

  • We require the nameid for the user to be an email address.
  • We recommend passing the user’s first name: “givenname” and last name: “surname”.
  • You can also pass along the company, title, and department associated with a user. 

The options in the arrays below are potential values that Brandfolder looks to map off of. These options are beneficial when tracking analytics around your assets. 

 def self.userattr_samlattr_mapping
"first_name": ["first_name", "firstname", "givenname"],
"last_name": ["last_name", "lastname", "surname"],
"company": ["company", "company_name"],
"title": ["title"],
"department": ["department"]

Brandfolder SSO Information

SSO (Single Sign On) is another option for user authentication through Brandfolder. SSO gives clients the ability to integrate whichever user account system they have in place with Brandfolder, in order to reduce the amount of passwords and login screens users have to manage.


Team Configuration

Teams allow for a specific group of users that have been set up within the IdP to gain a specific level of access within Brandfolder. This can be accomplished by releasing a custom attribute in the SAML response named teams with the associated group value. It can also be handled by releasing a specific claim if you are using ADFS as your IdP. Brandfolder has created a specific document here that completes the mapping on the Brandfolder side. Once this has been completed please send the document to either the Implementation Manager for the account or to This document must include:

  • Team Value (the group name)
  • The access level the team value should receive (Organization, Brandfolder, Collection)
  • The permission level the team should receive (Owner, Admin, Collaborator, Guest)


If you have any additional questions on SSO or SAML configurations please contact

Was this article helpful?
0 out of 0 found this helpful

Articles in this section