About SSO with SAML Authentication

    Article summary

    Help page on how to perform SSO with SAML authentication at TROCCO.

    About SSO

    Single Sign On (SSO) is a mechanism that allows users to log in to multiple web services and applications with a single authentication using a single set of IDs and passwords.

    Plan Restrictions

    SSO with SAML authentication is available only for subscribed accounts on the Essential plan and above.

    Advantages of Implementing SSO

    The following advantages are expected.

    • Convenience is improved because only one set of IDs and passwords needs to be remembered.
    • Eliminates the need to manage a separate password for every service you use.
    • Administrators can manage which services each employee may use in one place, which reduces their workload.

    About SAML Authentication

    TROCCO uses the Security Assertion Markup Language (SAML) method as its SSO authentication method.
    In SAML, the party that provides the authentication information is called the Identity Provider (IdP), and the party that consumes it is called the Service Provider (SP).
    The following sections describe the setup steps separately for the IdP side (Okta, Entra ID, OneLogin, GMO Trust Login, etc.) and the SP side (TROCCO).

    SSO login flow

    TROCCO uses IdP-initiated SSO as its SSO login flow.
    To log in to TROCCO using SSO, start the login from the IdP (Okta, Entra ID, OneLogin, GMO Trust Login, etc.) side.

    For details on how to set up the IdP side of GMO Trust Login, please refer to TROCCO's How to Set Up SAML Authentication.

    Setup procedure

    Advance preparation

    The Assertion Consumer Service URL (ACS_URL) issued by TROCCO is required when configuring the IdP side.
    The ACS_URL is different for each TROCCO account.
    Click the email address section in the upper right corner of the TROCCO screen > Account Security, and check the URL shown under SSO using SAML authentication.


    How to obtain the TROCCO logo

    When registering TROCCO with IdP, you may be required to upload an application logo.
    The TROCCO logo can be downloaded from our website.

    IdP-side settings

    The IdP-side setup consists of the following three steps.

    1. Register TROCCO as an SP in the IdP.
    2. Assign users and groups to the registered SP (TROCCO).
    3. Obtain the IdP metadata.

    Information required to register TROCCO with IdP

    Below is the information required to register TROCCO as an SP with the IdP.

    • Assertion Consumer Service URL (ACS_URL)
    • SP Entity ID
      • Specify https://trocco.io.
    • NameID Format
      • Specify Email (or EmailAddress).

    About input item names

    Some IdPs use different names for these input fields. Typical examples are shown below.

    • ACS_URL: Single sign on URL
    • SP Entity ID: Audience URI
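    The three values above (ACS_URL, SP Entity ID and NameID Format) are exactly what the SP checks an incoming assertion against, so a mismatch between what was registered in the IdP and what the SP expects is the usual cause of a failed SSO login. The following Python script is an added example, not TROCCO's code; it parses a constructed SAML Response and reports every way it fails to fit the registered values. The ACS path and IdP entity ID are placeholders, and signature verification (which needs the IdP's signing certificate from its metadata) is left out of scope.

```python
"""Check a SAML assertion against the values registered for the SP.

Added example, not TROCCO's code. The Response below is a constructed sample;
the ACS path and IdP entity ID are placeholders. Signature verification is
deliberately out of scope here.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

SP_ENTITY_ID = "https://trocco.io"                      # value given on the page
ACS_URL = "https://trocco.io/PLACEHOLDER_ACS_PATH"       # placeholder; the real value is per account
NOW = datetime(2024, 8, 29, 7, 37, tzinfo=timezone.utc)  # fixed clock so the check is repeatable

SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" IssueInstant="2024-08-29T07:36:50Z" Destination="{ACS_URL}">
  <saml:Issuer>http://www.okta.com/EXAMPLE_IDP_ID</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-08-29T07:36:50Z">
    <saml:Issuer>http://www.okta.com/EXAMPLE_IDP_ID</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2024-08-29T07:42:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-08-29T07:32:00Z" NotOnOrAfter="2024-08-29T07:42:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>{SP_ENTITY_ID}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>
"""


def _ts(value: str) -> datetime:
    """Parse a SAML UTC timestamp (trailing 'Z') into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_assertion(xml_text: str, sp_entity_id: str, acs_url: str, now: datetime) -> list:
    """Return a list of problems; an empty list means the assertion fits this SP."""
    problems = []
    resp = ET.fromstring(xml_text)
    if resp.get("Destination") not in (None, acs_url):
        problems.append(f"Destination {resp.get('Destination')} is not the ACS_URL")

    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element in Response"]

    # Audience must be the SP Entity ID registered with the IdP; this is the check that
    # keeps an assertion issued for some other SP from being accepted here.
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append(f"Audience {audiences} does not include SP Entity ID {sp_entity_id}")

    # Validity window from Conditions.
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _ts(nb):
            problems.append("assertion not yet valid")
        if noa and now >= _ts(noa):
            problems.append("assertion expired")

    # The bearer confirmation must be addressed to our ACS_URL.
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("SubjectConfirmationData Recipient is missing or is not the ACS_URL")
    elif scd.get("NotOnOrAfter") and now >= _ts(scd.get("NotOnOrAfter")):
        problems.append("subject confirmation expired")

    # NameID must be an email address so it can be matched to the TROCCO user.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")
    return problems


def subject_email(xml_text: str) -> str:
    """Return the NameID value, i.e. the email address the SP would match a user on."""
    resp = ET.fromstring(xml_text)
    name_id = resp.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    return (name_id.text or "").strip() if name_id is not None else ""


if __name__ == "__main__":
    print(check_assertion(SAMPLE_RESPONSE, SP_ENTITY_ID, ACS_URL, NOW))
    print(check_assertion(SAMPLE_RESPONSE, "https://other-sp.example", ACS_URL, NOW))
```

    Running the script with the registered values prints an empty list; running it with a different SP Entity ID shows the Audience mismatch that an IdP registered with the wrong Audience URI would produce. A real SP additionally verifies the XML signature with the IdP's certificate before trusting any of these fields.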

    Below is a description of the setup procedure, using Okta as an example.

    STEP1 Register TROCCO as an SP

    1. From the menu of the Okta administration page, click Applications > Applications.

    2. Click Create App Integration.

    3. Select SAML 2.0 and click Next.

    4. Fill in General Settings as appropriate and click Next.

      • Enter trocco in the App Name field.

    5. In Configure SAML, enter the values listed under Information required to register TROCCO with IdP, and click Next.

    6. Answer the Feedback questions as appropriate and click Finish.

    STEP2 Assign users and groups

    Click Assignments > Assign, then Assign to People or Assign to Groups as appropriate.

    STEP3 Obtain IdP metadata

    1. Click Sign On > View Setup Instructions.

    2. Click Optional at the bottom of the screen that appears.
      A section titled Provide the following IDP metadata to your SP provider is displayed.
      Record the metadata shown there.

    If you are using Entra ID (formerly Azure AD)

    If you are using Entra ID (formerly Azure AD), you do not need to set the sign-on URL, relay state, or log-out URL.
    Set the identifier and response URL.

    • Identifier
      • Specify https://trocco.io/.
    • Response URL
      • Specify the ACS_URL (see Advance preparation).

    Settings on the TROCCO (SP) side

    Register IdP metadata with TROCCO.

    1. Click the email address section in the upper right corner of the TROCCO screen > Account Security, then click Enable under SSO using SAML authentication.

    2. Enter the values obtained in STEP3 Obtain IdP metadata and click Save.

    If you want to disable password authentication as a login method

    To disable password authentication as a login method for TROCCO and allow login only via SSO, enable the Require login with SAML authentication option.

    How to add users

    You can invite users in the same way as before setting up SAML authentication.
    When doing so, make sure that the email address assigned to the user in the IdP matches the email address of the user added to TROCCO.
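    Because the IdP and TROCCO are linked only by the email address, it is worth reconciling the two user lists before anyone relies on SSO, especially once password login is disabled. The Python script below is an added example, not TROCCO's code, working on two constructed lists: the users assigned to the TROCCO app in the IdP and the users invited to TROCCO. It reports addresses present on only one side, duplicate invitations, and addresses that agree only after trimming and lower-casing; the page does not say whether TROCCO compares addresses case-insensitively, so those are flagged for review rather than treated as matches.

```python
"""Reconcile IdP-assigned users with TROCCO users by email address.

Added example, not TROCCO's code. Both lists below are constructed sample data.
"""

# Constructed sample: users assigned to the TROCCO app in the IdP (STEP2 above).
IDP_ASSIGNED = [
    "alice@example.com",
    "Bob@Example.com",
    "carol@example.com",
]

# Constructed sample: users invited to TROCCO.
TROCCO_USERS = [
    "alice@example.com",
    "bob@example.com ",      # trailing space from a copy/paste
    "dave@example.com",
    "alice@example.com",     # duplicate invitation
]


def normalize_email(addr: str) -> str:
    """Canonical form for comparison: trimmed and lower-cased."""
    return addr.strip().lower()


def reconcile(idp_assigned, trocco_users) -> dict:
    """Compare the two user lists and classify every difference."""
    idp = {normalize_email(a): a for a in idp_assigned}
    trocco = {}
    duplicates = []
    for raw in trocco_users:
        key = normalize_email(raw)
        if key in trocco:
            duplicates.append(raw)
        trocco[key] = raw

    matched, needs_review = [], []
    for key in idp.keys() & trocco.keys():
        # Same address after normalisation but different spelling: the page does not
        # say whether TROCCO compares case-insensitively, so flag it for review.
        if idp[key] == trocco[key]:
            matched.append(key)
        else:
            needs_review.append((idp[key], trocco[key]))

    return {
        "matched": sorted(matched),
        "needs_review": sorted(needs_review),
        # Assigned in the IdP but never invited: SSO succeeds at the IdP, then fails at TROCCO.
        "assigned_in_idp_but_not_in_trocco": sorted(idp.keys() - trocco.keys()),
        # Invited to TROCCO but not assigned in the IdP: cannot log in once SAML is required.
        "in_trocco_but_not_assigned_in_idp": sorted(trocco.keys() - idp.keys()),
        "duplicate_trocco_entries": duplicates,
    }


if __name__ == "__main__":
    for key, value in reconcile(IDP_ASSIGNED, TROCCO_USERS).items():
        print(f"{key}: {value}")
```

    The two "only on one side" lists are the ones to act on: an IdP-assigned user with no TROCCO account gets a failed login after a successful IdP authentication, and a TROCCO user not assigned in the IdP is a stale account that should be either assigned or removed.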
