Step 1: Activate SAML SSO in Brevo

First, activate SAML SSO in Brevo:

1. In Brevo, access the SAML SSO page. The path URL differs depending on whether you are accessing it from an Admin account or from a sub-organization or standard Brevo account.
   • From an Admin account, go to Security > SAML.
   • From a sub-organization or standard Brevo account, click the account dropdown and select Security > SAML
2. Activate the Allow SAML Authentication option
   

Step 2: (Optional) Download Brevo's certification for stronger encryption

By default, Brevo’s basic SAML SSO configuration supports one-way encryption. You can download Brevo’s certificates to configure two-way encryption and improve security.

1. Select the Generate and download Brevo's certification for stronger encryption option.
2. Click Download Brevo's certification. A file named "public.cer" will be downloaded.
   

You will upload this file onto Okta during step 4.

Step 3: Create the Brevo application in Okta

Create a new application for Brevo in your Okta account.

1. Open a new tab in your browser and log in to your Okta account.
2. Click Admin to access the admin dashboard.

3. In the navigation menu, go to Applications > Applications.

4. Click Create App Integration.
   

5. Select SAML 2.0.
6. Click Next.
7. Name the application (e.g., "Brevo").
8. Click Next.

Step 4: Configure SAML SSO in Okta

Now, configure SAML SSO in Okta.

1. Copy the value from the Callback URL field in Brevo and paste it into the Single sign-on URL field in Okta.
   
2. In the Audience URI (SP Entity ID) field, enter:
   https://account-app.brevo.com/account/
3. From the Application username dropdown, select Email.
4. Click Show Advanced Settings.
   
5. (Optional) From the Signature Certificate field, click Browse files and select the "public.cer" file that corresponds to Brevo's certification that you previously downloaded.
6. Under Attribute Statements, enter the following values:
   

   Name	Name format	Value
   email	Basic	user.email
   login	Basic	user.login

7. Click Next.
8. Select I'm an Okta customer adding an internal app.
9. Click Finish.

Step 5: Configure SAML SSO in Brevo

Now, configure SAML SSO in Brevo.

1. From the Metadata details section in Okta, copy the value from the Metadata URL field and paste it into the Metadata Address field in Brevo.
   
2. To retrieve the certificate value:
   1. In a new tab, paste this same Metadata URL into your browser's search bar.
   2. Copy the value between the <ds:X509Certificate> opening tag and </ds:X509Certificate> closing tag.
   3. Paste this value into the Certificate field in Brevo.
      
3. From the Metadata details section in Okta, click More details.
4. Copy the value from the Sign on URL field in Okta and paste it into the Sign-on-URL field in Brevo.
   
5. In the Entity ID field in Brevo, enter:
   Entity
6. In the Email fieldname field in Brevo, enter:
   email
7. In the User ID field in Brevo, enter:
   login


Step 6: Assign users to the Brevo application in Okta

To allow users to log in to Brevo using SAML SSO, you need to create and assign them to the Brevo application.

1. If you haven't done so already, create the users who will log into Brevo using SAML SSO in Okta. To learn more, check Okta's dedicated documentation.
2. In Okta, go to the Assignments tab.
3. Click Assign > Assign to People or Assign to Groups.
   
4. Select the people or group you want to assign to the Brevo application.
5. Click Done.

Step 7: (Optional) Activate SAML SSO for sub-organization users in Brevo

By default, SAML SSO is activated only for Admin users while sub-organization users need to log in to Brevo via the default Brevo login page using their standard Brevo credentials.

To activate SAML SSO for sub-organization users as well, select the Force sub-organization users to login with master IDP option.

Step 8: Verify your SAML configuration

After configuring SAML SSO, click Verify to check your configuration:

• ✅ If your SAML configuration works, click Save the settings.
• ❌ If your SAML configuration doesn't work, review each step of the configuration and re-verify.

You've activated SAML SSO authentication on your Brevo account. Now, users can log in from the SSO login page.

Step 1: Activate SAML SSO in Brevo

First, activate SAML SSO in Brevo:

1. In Brevo, access the SAML SSO page. The path URL differs depending on whether you are accessing it from an Admin account or from a sub-organization or standard Brevo account.
   • From an Admin account, go to Security > SAML.
   • From a sub-organization or standard Brevo account, click the account dropdown and select Security > SAML
2. Activate the Allow SAML Authentication option
   

Step 2: Create the Brevo application in Auth0

Start by creating a new application for Brevo in your Auth0 account:

1. Open a new tab in your browser and log in to your Auth0 account.

2. In the navigation menu, go to Applications > Applications.

3. Click + Create Application.
   

4. Name the application (e.g., "Brevo").
5. Choose Regular Web Applications as the application type.
6. Click Create.
   

Step 3: Configure SAML SSO in Auth0

Now, configure SAML SSO in Auth0:

1. Go to the Settings tab.
2. Copy the value from the Login URL field in Brevo and paste it into the Application Login URI field in Auth0.
   
3. Copy the value from the Callback URL field in Brevo and paste it into the Allowed Callback URLs field in Auth0.
   
4. Click Save Changes.

Step 4: (Optional) Add Brevo's certification to Auth0 for stronger encryption

By default, Brevo’s basic SAML SSO configuration supports one-way encryption. You can download Brevo’s certificates to configure two-way encryption and improve security:

1. In Brevo, select the Generate and download Brevo's certification for stronger encryption option.
2. Click Download Brevo's certification. A file named "public.cer" is downloaded on your computer.
3. In Auth0, go to the Addons tab.
4. Activate the SAML2 WEB APP add-on. The Addon: SAML2 Web App popup window opens.
   
5. Go to the Settings tab.
6. Delete the content of the Settings field.
7. Enter the following JSON in the Settings field:

   {
     "signatureAlgorithm": "rsa-sha256",
     "digestAlgorithm": "sha256",
     "signResponse": true,
     "signingCert": "YOUR_CERTIFICATE_CONTENT"
   }

8. Replace YOUR_CERTIFICATE_CONTENT with the content of the certificate you downloaded. Use the following dropdowns to view instructions for viewing and copying the certificate on Windows, MacOS, and Linux:
   
   Windows

   1. On your computer, press Windows + R, type cmd, and press Enter to open Command Prompt.
   2. Find where the "public.cer" file is saved on your computer and note the full path (e.g., C:\Users\YourName\Downloads\public.cer).
   3. In Command Prompt, type the following, replacing the path in bold with your file location:
      type "C:\Users\YourName\Downloads\public.cer"
   4. Press Enter.
   5. Copy everything from
      -----BEGIN CERTIFICATE-----
      to
      -----END CERTIFICATE-----
      including both lines.

   MacOS

   1. On your computer, press Command + Space, type Terminal, and press Enter to open Terminal.
   2. Find where the "public.cer" file is saved on your computer and note the full path (e.g., /Users/YourName/Downloads/public.cer).
   3. In Terminal, type the following, replacing the path in bold with your file location:
      cat /Users/yourname/Downloads/public.cer
   4. Press Enter.
   5. Copy everything from
      -----BEGIN CERTIFICATE-----
      to
      -----END CERTIFICATE-----
      including both lines.

   Linux

   1. On your computer, press Ctrl + Alt + T (or open Terminal from your applications menu).
   2. Find where the "public.cer" file is saved on your computer and note the full path (e.g., ~/Downloads).
   3. In Terminal, type the following, replacing the path in bold with your file location:
      cat ~/Downloads/public.cer
   4. Press Enter.
   5. Copy everything from
      -----BEGIN CERTIFICATE-----
      to
      -----END CERTIFICATE-----
      including both lines.
   
9. Click Activate.
10. Close the Addon: SAML2 Web App popup window.

Step 5: Assign users to the Brevo application in Auth0

By default, all users created in an Auth0 tenant are automatically assigned to the tenant's applications. Therefore, you don't need to take any additional steps to assign users to the Brevo application.

However, if you haven't done so already, make sure you create the users who will log in to Brevo using SAML SSO in Auth0. To learn more, check Auth0's dedicated documentation.

Step 6: Configure SAML SSO in Brevo

Now, configure SAML SSO in Brevo:

1. In Auth0, go to the Settings tab.
2. Scroll down to the bottom of the page and expand the Advanced Settings section.
3. Go to the Endpoints tab.
   
4. Copy the value from the SAML Protocol URL field in Auth0 and paste it into the Sign-on-URL field in Brevo.
   
5. Copy the value from the SAMLMetadata URL field in Auth0 and paste it into the Metadata Address field in Brevo.
   
6. In the Entity ID field in Brevo, enter:
   https://account-app.brevo.com/account/
7. In the Email fieldname field in Brevo, enter:
   http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
8. In the User ID field in Brevo, enter:
   http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
   

Step 7: (Optional) Activate SAML SSO for sub-organization users in Brevo

By default, SAML SSO is activated only for Admin users while sub-organization users need to log in to Brevo via the default Brevo login page using their regular Brevo credentials.

To activate SAML SSO for sub-organization users as well, select the Force sub-organization users to login with master IDP option.

Step 8: Verify your SAML configuration

After configuring SAML SSO, click Verify to check your configuration:

• ✅ If your SAML configuration works, click Save the settings.
• ❌ If your SAML configuration doesn't work, review each step of the configuration and re-verify.

You've activated SAML SSO authentication on your Brevo account. Now, users can log in from the SSO login page.