Contents x
    About SSO with SAML Authentication
      • Print
      • PDF
      Contents

      About SSO with SAML Authentication

        • Print
        • PDF
        Article summary

        summary

        Help page on how to perform SSO with SAML authentication at TROCCO.

        About SSO

        Single Sign On (SSO) is a mechanism that allows users to log in to multiple web services and applications with a single authentication using a single set of IDs and passwords.

        Plan Restrictions

        SSO with SAML authentication is available only for subscribed accounts on the Essential plan and above.

        Advantages of Implementing SSO

        The following advantages are possible

        • Convenience is improved because only one set of IDs and passwords need to be recorded.
        • Eliminates the need to manage passwords for as many services as you use.
        • The ability to manage all available services for each employee in one place reduces the burden on the administrator.

        About SAML Authentication

        TROCCO uses the Security Assertion Markup Language (SAML) method as its SSO authentication method.
        In the SAML system, the party providing authentication information is defined as the Identity Provider (IdP), and the party using the authentication information is defined as the Service Provider ( SP).
        In the following, we will describe the steps for setting up each of these separately for IdPs (Okta, Entra ID, Onelogin, GMO Trust Login, etc.) and for SPs (TROCCO).

        SSO login flow

        TROCCO uses IdP Initiated SSO as its SSO login flow.
        When logging into TROCCO using SSO, please log in from the IdP (Okta, Entra ID, Onelogin, GMO Trust Login, etc.) side.

        For details on how to set up the IdP side of GMO Trust Login, please refer to TROCCO's How to Set Up SAML Authentication.

        Setup procedure

        advance preparation

        The Assertion Consumer Service URL ( ACS_URL) specified by TROCCO is required when configuring the IdP side.
        The ACS_URL is different for each TROCCO account.
        Click on the email address section in the upper right corner of the TROCCO screen > Account Security, and check the URL under SSO using SAML authentication.

        saml-authentication-sso-2024-08-29-7-37-0

        How to obtain the TROCCO logo

        When registering TROCCO with IdP, you may be required to upload an application logo.
        The TROCCO logo can be downloaded from our website.

        IdP-side settings

        The following three major settings are used.

        1. Register TROCCO as SP in IdP.
        2. Assign users and groups to registered SPs (TROCCO)
        3. Obtaining IdP metadata

        Information required to register TROCCO with IdP

        Below is the information required to register TROCCO as an SP with the IdP.

        • Assertion Consumer Service URL(ACS_URL)
        • SP Entity ID
          • https://trocco.ioを指定します.
        • NameID Format
          • Specify the Email (or EmailAddress).
        About input item name

        Some IdPs may use a different name for the input field name. The following are typical examples

        • ACS_URL:Single sign on URL
        • SP Entity ID:Audience URI

        Below is a description of the setup procedure, using Okta as an example.

        STEP1 Register TROCCO as an SP

        1. From the menu of the Okta administration page, click on Applications>Applications.
          image.png

        2. Click Create App Integration.
          image.png

        3. Select SAML 2.0 and click Next.
          image.png

        4. Configure as appropriate in General Settings and click Next.

          • Enter trocco in the App Name field.
            image.png

        5. Configure SAML accordingly and click Next.

        6. Respond to Feedback as appropriate and click Finish.
          image.png

        STEP2 Assign users and groups

        Click Assignments > Assign, then Assign to People or Assign to Groups as appropriate.
        image.png

        STEP3 Obtain IdP metadata

        1. Click Sign On > View****Setup Instructions.
          image.png

        2. Click on Optional at the bottom of the screen that appears.
          Provide the following IDP metadata to your SP provider will be displayed.
          Record the metadata displayed.

        If you are using Entra ID (formerly Azure AD)

        If you are using Entra ID (formerly Azure AD), you do not need to set the sign-on URL, relay state, or log-out URL.
        Set the identifier and response URL.

        • identifier
          • https://trocco.io/を指定します.
        • response URL

        Settings on the TROCCO (SP) side

        Register IdP metadata with TROCCO.

        1. Click on the email address section in the upper right corner of the TROCCO screen > Account Security, then click on Enable****from SSO using SAML authentication.
          saml-authentication-sso-2024-08-29-7-37-9

        2. Enter the values obtained in STEP3 Obtaining IdP metadata and click Save.
          002-p.png

        If you want to disable password authentication as a login method

        If you disable password authentication as a method of logging into TROCCO and use SSO only, please enable the Require login with SAML authentication option.

        How to add users

        You can invite users as you did before setting up SAML authentication.
        In doing so, however, be sure to match the email address of the user assigned by the IdP with the email address to be added to TROCCO.

        Was this article helpful?
        What's Next