About SSO with SAML Authentication
  • 17 Jul 2024

Article summary

Help page on how to perform SSO with SAML authentication at TROCCO.

About SSO

Single Sign-On (SSO) is a mechanism that lets a user log in to multiple web services and applications with a single authentication, using one ID and password.

Plan Restrictions

SSO with SAML authentication is available only for subscribed accounts on the Essential plan and above.

Advantages of Implementing SSO

SSO offers the following advantages:

  • Convenience is improved because only one ID and password need to be remembered.
  • There is no need to manage a separate password for each service you use.
  • The ability to manage all available services for each employee in one place reduces the burden on the administrator.

About SAML Authentication

TROCCO uses Security Assertion Markup Language (SAML) as its SSO authentication method.
In SAML, the party that provides authentication information is the Identity Provider (IdP), and the party that consumes it is the Service Provider (SP).
Below, the setup procedure is described separately for the IdP side (Okta, Entra ID, OneLogin, GMO Trust Login, etc.) and the SP side (TROCCO).

SSO login flow

TROCCO uses IdP-initiated SSO as its SSO login flow.
To log in to TROCCO with SSO, start the login from the IdP (Okta, Entra ID, OneLogin, GMO Trust Login, etc.) side.

For details on how to set up the IdP side of GMO Trust Login, please refer to TROCCO's How to Set Up SAML Authentication.

Setup procedure

Advance preparation

The Assertion Consumer Service URL (ACS_URL) specified by TROCCO is required when configuring the IdP side.
The ACS_URL is different for each TROCCO account.
Click the email address in the upper right corner of the TROCCO screen > Account Security, and check the URL shown under SSO using SAML authentication.

saml-authentication-sso-001.png

How to obtain the TROCCO logo

When registering TROCCO with IdP, you may be required to upload an application logo.
The TROCCO logo can be downloaded from our website.

IdP side setting

The IdP side configuration consists of three main steps:

  1. Register TROCCO as an SP in the IdP.
  2. Assign users and groups to the registered SP (TROCCO).
  3. Obtain the IdP metadata.

Information required to register TROCCO with IdP

Below is the information required to register TROCCO as an SP with IdP.

  • Assertion Consumer Service URL (ACS_URL)
  • SP Entity ID
    • Specify https://trocco.io.
  • NameID Format
    • Specify the Email (or EmailAddress).
About input field names

Some IdPs use different names for these input fields. Typical examples:
- ACS_URL: Single sign on URL
- SP Entity ID: Audience URI

Below is a description of the setup procedure using Okta as an example.

STEP1 Register TROCCO as SP

  1. From the menu of the Okta administration page, click Applications > Applications.
    image.png

  2. Click Create App Integration.
    image.png

  3. Select SAML 2.0 and click Next.
    image.png

  4. Configure as appropriate in General Settings and click Next.

    • Enter trocco in the App Name field.
      image.png
  5. Configure SAML accordingly and click Next.

  6. Respond to Feedback as appropriate and click Finish.
    image.png

STEP2 Assign users and groups

Click Assignments > Assign, then Assign to People or Assign to Groups as appropriate.
image.png

STEP3 Obtain IdP metadata

  1. Click Sign On > View Setup Instructions.
    image.png

  2. Click Optional at the bottom of the screen that appears.
    The section "Provide the following IDP metadata to your SP provider" is displayed.
    Record the metadata shown there.

If you use Entra ID (formerly Azure AD)

If you are using Entra ID (formerly Azure AD), you do not need to set the sign-on URL, relay state, or logout URL.
Set the identifier and response URL.
- identifier

Settings on TROCCO (SP) side

Register IdP metadata in TROCCO.

  1. Click the email address in the upper right corner of the TROCCO screen > Account Security, then click Enable under SSO using SAML authentication.
    saml-authentication-sso-002.png

  2. Enter the values obtained in STEP3 Obtain IdP metadata and click Save.
    002-p.png

If you want to disable password authentication as a login method

To disable password authentication as a login method for TROCCO and use SSO only, enable the Require login with SAML authentication option.

How to add users

You can invite users as you did before setting up SAML authentication.
In doing so, however, be sure to match the email address of the user assigned in IdP with the email address to be added to TROCCO.
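
The settings on this page (ACS_URL, SP Entity ID, email-format NameID, and the rule that the IdP user's email must match the invited TROCCO user) are the fields the SP checks on every SAML response. The following added example is not TROCCO's code; it shows those checks on a constructed, unsigned sample response with placeholder ACS URL and IdP issuer values, and assumes that signature verification against the IdP's signing certificate has already been done by a SAML library. Because the flow is IdP-initiated there is no AuthnRequest and therefore no InResponseTo to match, so the Destination, Recipient, Audience and validity-window checks carry the weight.

```python
"""SP-side acceptance checks on an IdP-initiated SAML response.

Added example, not TROCCO's code. Signature verification is assumed to have
been done already by a SAML library; this shows the field checks that tie the
settings on this page (ACS_URL, SP Entity ID, email NameID, invited users)
together. Placeholder and constructed values are marked below.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

SP_ENTITY_ID = "https://trocco.io"                  # SP Entity ID given on this page
ACS_URL = "https://example.invalid/saml/acs"         # placeholder: the real ACS_URL is per account
IDP_ISSUER = "https://idp.example.com/saml/issuer"   # placeholder: taken from the IdP metadata


def _ts(value):
    # SAML timestamps are UTC; the constructed sample uses whole seconds.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _within(now, not_before, not_on_or_after):
    """Time-window check; an absent bound is treated as open."""
    if not_before and now < _ts(not_before):
        return False
    if not_on_or_after and now >= _ts(not_on_or_after):
        return False
    return True


# Constructed sample response, as the IdP would POST it to ACS_URL (signature omitted).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="2024-07-17T09:00:00Z" Destination="{ACS_URL}">
  <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-07-17T09:00:00Z">
    <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">Alice.Tanaka@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2024-07-17T09:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-07-17T08:59:00Z" NotOnOrAfter="2024-07-17T09:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_NOW = _ts("2024-07-17T09:01:00Z")   # inside the validity window
SAMPLE_LATE = _ts("2024-07-17T09:10:00Z")  # after NotOnOrAfter


def check_response(xml_text, invited_emails, now, sp_entity_id=SP_ENTITY_ID,
                   acs_url=ACS_URL, idp_issuer=IDP_ISSUER):
    """Return ("ok", email) or ("rejected", reason); never raises on bad input."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return ("rejected", "malformed XML")
    if root.get("Destination") != acs_url:
        return ("rejected", "Destination is not this account's ACS_URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return ("rejected", "IdP did not report Success")
    a = root.find("saml:Assertion", NS)
    if a is None:
        return ("rejected", "no plaintext Assertion (encrypted assertions not handled here)")
    if a.findtext("saml:Issuer", namespaces=NS) != idp_issuer:
        return ("rejected", "Issuer does not match the registered IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not _within(now, cond.get("NotBefore"), cond.get("NotOnOrAfter")):
        return ("rejected", "assertion outside its validity window")
    audiences = [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        return ("rejected", "Audience is not the SP Entity ID")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if (scd is None or scd.get("Recipient") != acs_url or not scd.get("NotOnOrAfter")
            or not _within(now, None, scd.get("NotOnOrAfter"))):
        return ("rejected", "bearer confirmation not valid for this ACS_URL now")
    nid = a.find("saml:Subject/saml:NameID", NS)
    if nid is None or nid.get("Format") != EMAIL_FORMAT:
        return ("rejected", "NameID Format is not emailAddress")
    # Match against invited users; case-insensitive comparison is this example's own choice.
    email = (nid.text or "").strip().lower()
    if email not in {e.strip().lower() for e in invited_emails}:
        return ("rejected", "NameID does not match any invited TROCCO user")
    return ("ok", email)


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, ["alice.tanaka@example.com"], SAMPLE_NOW))
    print(check_response(SAMPLE_RESPONSE, ["bob@example.com"], SAMPLE_NOW))
```

The last check is the one this section is about: an assertion that is perfectly valid for the IdP still does nothing for a user whose IdP email differs from the address invited in TROCCO, so keep the two in sync when adding users.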
