- 07 Dec 2022
- 2 Minutes to read
-
Print
-
DarkLight
About SSO with SAML authentication
- Updated on 07 Dec 2022
- 2 Minutes to read
-
Print
-
DarkLight
This is a machine-translated version of the original Japanese article.
Please understand that some of the information contained on this page may be inaccurate.
summary
This is a help page on how to perform SSO by SAML authentication at trocco.
About SSO
Single Sign On (SSO) is a mechanism that allows you to log in to multiple web services and applications by performing authentication with a single ID and password once.
The following benefits can be considered by introducing SSO.
- Convenience is improved because you only need to remember one set of IDs and passwords.
- No more hassle of managing passwords as strong as the number of services you use.
- Since the services available to each employee can be managed collectively, the burden on managers is reduced.
There are several SSO authentication methods, but trocco uses the Security Assertion Markup Language (SAML) method. In the SAML method, the side that provides authentication information (Onelogin, Okta, Azure AD, etc.) is called the Identity Provider (IdP), and the side that uses authentication information (trocco) is called the Service Provider (SP).
Setup Procedure
IdP-side settings
Register trocco as an SP with the IdP. Please use the following information when registering.
Assertion Consumer Service(ACS)URL
The setting value is different for each account. Manage trocco → Security → SSO using SAML authentication.SP Entity ID
https://trocco.io
Please set the .NameID Format
Set your email. To use this function, the user's email address must match between the IdP and the SP.
After registering the above, assign the necessary users and groups.
Example) For Okta
- Add an application
From the Okta UI menu, click Applications → Applications.
Click Create App Integration.
Select SAML 2.0 and click Next.
- General Settings
For the App Name, please enter a name such as "trocco". Set other items as needed.
You can download the trocco logo here.
- Configure SAML
The Single sign on URL setting is different for each account. Manage trocco → Security → Check from SS using SAML authentication.
Set the Audience URI (SP Entity ID)https://trocco.io
to and EmailAddress for the Name ID format.
- Feedback
Respond to the feedback and click Finish.
- Assigning User Groups
You can assign the app you created to users and groups by clicking Assignments → Assign, and then clicking Assign to People or Assign to Groups.
- Retrieving metadata
Click Sign On → View Setup Instructions.
Copy the metadata displayed in the Optional → Provide the following IDP metadata to your SP provider at the bottom of the screen that appears, and paste it into your trocco dashboard.
Example) In the case of Azure AD
In Azure AD, set the identifier and reply URL.
It is not necessary to set the sign-on URL, relay status, and logout URL.
identifier
https://trocco.io/
Please use
Reply URL
Please use the URL displayed in "SSO using SAML authentication" on trocco.
SSO using SAML authentication can be viewed by clicking on the top page of trocco in the order of settings > security.
SP-side settings
Register your IdP with trocco. Settings → Security → Enable SSO using SAML authentication to proceed to the registration screen. Metadata generated by the IdP is used for registration.
Disable password authentication as a login method to trocco, and if you want to use SSO only, select the check box of Login Settings.
User Addition Procedure
You can still add users from the Administration → Account Users → User Invitation.
Be sure to match the email address of the user assigned in the IdP with the email address you add to trocco.