Okta SSO Integration — My Bright Horizons

My Bright Horizons offers employees a front door into all of their eligible benefits and content. My Bright Horizons helps recommend the best services and content to families by learning their specific needs and interests to present the best choices.


Supported Features

Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the My Bright Horizons application.

Universal Logout - When enabled, Okta can terminate user sessions and tokens when risk is detected or when an admin initiates logout.


Step 1: Administrator Account Setup

  1. Open the invitation email.
  2. Click the activation link.
  3. Create your account and set a password for login.

Step 2: Okta Application Setup & SSO

Add Application

Add the “My Bright Horizons” instance in your Okta org. See the Okta guide: Add the existing app integration.

Configure SSO

  1. In the My Bright Horizons app instance in your Okta org, click the Authentication tab.
  2. Click Express Configure SSO in the Express Configuration for My Bright Horizons section. You will be redirected to the My Bright Horizons employer selection page.
  3. Select your employer and click Continue. This will take you to the My Bright Horizons login page.
  4. Sign in to the app using the admin credentials you created in Step 1. (Optional: enable passwordless authentication if desired.)
  5. On the next page, click the Skip option.
  6. Review the Authorize App details on the consent page to grant Okta access to My Bright Horizons and click Accept. You will be redirected back to your Okta org and a success message will indicate that SSO has been configured.

Step 3: Enable Universal Logout

  1. Go to the Sign On tab of the Bright Horizons application.
  2. Check the box for "Okta system or admin initiates logout".


Step 4: Provisioning Configuration

Add an additional claim named UniqueID and map it from Okta user attributes.

  1. In your Okta org, go to Directory > Profile Editor.
  2. Select the My Bright Horizons User profile that was created for the application.
  3. Click Add Attribute.
  4. Ensure Data Type is set to String.
  5. Set Display Name to UniqueID.
  6. Set Variable Name to uniqueId.
  7. Ensure Attribute Type is set to Personal, then click Save.
  8. Click on Mappings and select Okta Users to My Bright Horizons.
  9. Click Choose an attribute or expression and select the user profile attribute that contains the Enterprise Eligibility value.
  10. Click Save Mappings and then Apply Updates.

Step 5: Final Validation

  1. Once the above steps are completed, go to https://my.brighthorizons.com and select your employer.
  2. After selecting your employer, you will be redirected to your organization’s Okta login page.
  3. Enter your Okta IdP credentials for user authentication.
  4. After successful authentication, you should be redirected to the My Bright Horizons home page.