Skip to content
English - United States
Contact us
  • There are no suggestions because the search field is empty.

Setting up Single Sign On (SSO) with BetterMynd

Single Sign On (SSO) uses a partner’s identity provider (IdP) to authenticate users, allowing users to sign-in to the BetterMynd platform with their partner-specific credentials instead of a BetterMynd username and password.

The following information can be shared with your campus technical contact.

How long will it take to integrate SSO with BetterMynd? 

We generally recommend building in 5-15 business days (1-3 weeks) to get SSO set up for your users in the production environment. While the process is relatively straightforward and can be completed even more quickly, it is dependent on available partner resources and communication between your team and BetterMynd.  

What methods of SSO are supported? 

BetterMynd supports SAML2 with Web Service Federation. These are widely accepted standards that are supported by most identity tooling and make integration simple and seamless on both sides.  

How will user accounts be provisioned? 

BetterMynd will create a platform account for any user authenticated by the partner’s Identity Provider. No “list” of users is required for SSO. 

Who should be allowed to sign in to the BetterMynd platform? 

The BetterMynd platform supports two user roles:  

  1. Campus Administrators: Points of contact at your institution who need administrative access to platform data for your institution. 
  2. Users: Individual end users accessing the platform for online therapy services.  

Both roles will be funneled through the SSO integration, so both roles will need to be allowed access to the BetterMynd platform service defined by the Identity Provider. What users are given access is entirely up to the partner. 

Do you support provider-initiated sign-ins? 

No. BetterMynd only supports service-initiated sign-ins. 

 

Setting up Single Sign On (SSO)

The following steps will be taken first in the development environment. Once testing confirms the environment is working properly, the steps will be repeated for the production environment.  

Step One

The partner will provide their Identity Provider’s metadata file or URL. This can be different for the two environments, or the same metadata can be used for both. 

Step Two 

BetterMynd will provide the following environment specific details: 

  • Service metadata URL.  
  • Expected attributes.  
  • Partner specific sign in URL. 

Step Three 

The partner will test the environment. 

  1. Using the partner specific sign in URL, you should be redirected to your IdP for login. 
  2. After entering valid credentials into your IdP, you should be redirected back to the BetterMynd platform. 
  3. Users should not see a form for verifying First Name/Last Name/Email (we should be collecting these automatically via attributes).
    1. Note: This step may require a bit of troubleshooting. Every IdP uses its own naming scheme for attributes and configuring to match sometimes takes a bit of trial and error.  
  4. New users should get a validation email and link that they will need to click on. 
  5. User lands on a page where they are presented BetterMynd’s Terms & Conditions.