About SSO with SAML authentication
  • 07 Dec 2022

Note

This is a machine-translated version of the original Japanese article.
Some of the information on this page may therefore be inaccurate.

Summary

This page explains how to set up single sign-on (SSO) to trocco using SAML authentication.

About SSO

Single Sign-On (SSO) is a mechanism that lets a user log in to multiple web services and applications after authenticating once with a single ID and password.
Introducing SSO has the following benefits:

  • Convenience improves, because each user only has to remember one ID and password.
  • Users no longer have to manage a separate strong password for every service they use.
  • The services each employee may access can be managed in one place, which reduces the burden on administrators.

There are several SSO authentication methods; trocco uses Security Assertion Markup Language (SAML). In SAML, the side that issues authentication information (OneLogin, Okta, Azure AD, etc.) is called the Identity Provider (IdP), and the side that consumes that authentication information (trocco) is called the Service Provider (SP).

Setup Procedure

IdP-side settings

Register trocco as an SP with the IdP. Use the following values when registering.

  • Assertion Consumer Service (ACS) URL
    This value is different for each account. In trocco, open Settings → Security → SSO using SAML authentication to find it.

  • SP Entity ID
    Set this to https://trocco.io.

  • NameID Format
    Set this to email address. For this feature to work, the user's email address must be identical in the IdP and in the SP (trocco).

After registering the above, assign the required users and groups to the application.

Example) For Okta

  1. Add an application
    From the Okta UI menu, click Applications → Applications.

Click Create App Integration.

Select SAML 2.0 and click Next.

  2. General Settings
    For the App Name, enter a name such as "trocco". Set the other items as needed.

The trocco logo can be downloaded from the original article.

  3. Configure SAML
    The Single sign on URL is different for each account. In trocco, open Settings → Security → SSO using SAML authentication to check it.

Set the Audience URI (SP Entity ID) to https://trocco.io and the Name ID format to EmailAddress.

  4. Feedback
    Answer the feedback questions and click Finish.

  5. Assign users and groups
    Click Assignments → Assign, then Assign to People or Assign to Groups, to assign the application you created to users and groups.

  6. Retrieve the metadata
    Click Sign On → View Setup Instructions.

At the bottom of the screen that appears, under Optional → Provide the following IDP metadata to your SP provider, copy the metadata and paste it into your trocco dashboard.

Example) In the case of Azure AD

In Azure AD, set the Identifier and the Reply URL.
The Sign-on URL, Relay State, and Logout URL do not need to be set.

Identifier

Use https://trocco.io/

Reply URL

Use the URL shown under "SSO using SAML authentication" in trocco.
"SSO using SAML authentication" can be reached from the trocco top page via Settings → Security.

SP-side settings

Register your IdP with trocco. Open Settings → Security → Enable SSO using SAML authentication to reach the registration screen. The metadata generated by the IdP is used for registration.
To disable password authentication as a login method and allow SSO only, select the corresponding check box under Login Settings.

User Addition Procedure

Users are still added from Administration → Account Users → User Invitation.

Make sure the email address of the user assigned in the IdP is identical to the email address you add in trocco; otherwise the SAML login cannot be mapped to the trocco user.
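The setup above rests on three values agreeing on both sides: the IdP metadata that trocco imports, the SP Entity ID (https://trocco.io) that must appear as the assertion's Audience, and an email-address NameID that matches a trocco user. The following Python script is an added example, not trocco's or any IdP vendor's code, that parses a constructed IdP metadata document of the kind Okta's "View Setup Instructions" page produces and then checks a constructed assertion against those three requirements. The entityID, SSO URL, certificate text and email addresses are placeholders; the exact-match comparison of email addresses is an assumption (the page says only that the addresses must match), and the script does not verify the XML signature, which a real SP such as trocco must do using the certificate from the metadata.

```python
"""Check the SAML values a trocco SSO setup depends on (added example)."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SP_ENTITY_ID = "https://trocco.io"  # SP Entity ID / Audience URI from the article
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed IdP metadata in the shape an IdP (e.g. Okta) exports; all
# identifiers, URLs and the certificate body are placeholders.
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://www.okta.com/exk0000000000000000">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/exk0000000000000000/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed assertion as the IdP would send it to the ACS URL (unsigned here).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2022-12-07T00:00:00Z">
  <saml:Issuer>http://www.okta.com/exk0000000000000000</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction><saml:Audience>https://trocco.io</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def parse_idp_metadata(xml_text):
    """Extract what an SP registers from IdP metadata: entityID, NameID
    formats, SSO endpoints and signing certificates."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    return {
        "entity_id": root.get("entityID"),
        "nameid_formats": [e.text.strip() for e in idp.findall("md:NameIDFormat", NS)],
        "sso_endpoints": [(s.get("Binding"), s.get("Location"))
                          for s in idp.findall("md:SingleSignOnService", NS)],
        "signing_certs": [c.text.strip() for c in idp.findall(
            "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)],
    }


def check_assertion(assertion_xml, idp, trocco_users):
    """Return a list of problems; an empty list means the assertion maps
    cleanly to a trocco user. Signature verification is out of scope here."""
    problems = []
    a = ET.fromstring(assertion_xml)

    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != idp["entity_id"]:
        problems.append(f"Issuer {issuer!r} is not the registered IdP entityID")

    # Audience must be the SP Entity ID registered at the IdP.
    audiences = [x.text.strip() for x in a.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} does not contain {SP_ENTITY_ID}")

    nameid = a.find("saml:Subject/saml:NameID", NS)
    if nameid is None:
        problems.append("assertion has no NameID")
        return problems
    if nameid.get("Format", "") != EMAIL_FORMAT:
        problems.append(f"NameID Format {nameid.get('Format')!r} is not emailAddress")

    # Exact-match comparison is an assumption; the article only says the
    # addresses must match between IdP and trocco.
    email = (nameid.text or "").strip()
    if email not in trocco_users:
        problems.append(f"NameID {email!r} does not match any trocco user")
    return problems


if __name__ == "__main__":
    idp_info = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print(idp_info)
    print(check_assertion(SAMPLE_ASSERTION, idp_info, {"alice@example.com"}))
```

Run against the constructed data, the assertion for alice@example.com passes when that address is among the trocco users and fails with a single problem when it is not, which is exactly the mismatch the user addition procedure warns about; changing the Audience or the NameID Format likewise produces one problem each.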
