Skip to main content
All CollectionsTroubleshooting and How-ToHow-To Articles
How to set up the SSO (Single Sign On) authentication
How to set up the SSO (Single Sign On) authentication
A
Written by Arick Disilva
Updated over a week ago

If you want to set up an Azure SSO, please check out this article instead.

Overview

Teramind allows you to authenticate to the Teramind Dashboard using external identity providers integrated via SAML 2.0 protocol.

We have provided instructions to setup SSO with some of the most popular identity provider below. Instructions for other providers are similar.

Note that, a newly generated user will still need to set their password in order to make further changes or to login when using the Teramind Revealed Agent.

If you change your hostname to a Fully Qualified Domain Name (FQDN) after you have configured the SSO, users might still be redirected to the old host/IP address. To fix that, login from your new host address. The SSO settings will be updated automatically. Save the settings to prevent future redirects. For more information, check out this article.

OneLogin

Step 1: Collect the Authentication settings from the Teramind Dashboard

First, you will need to collect two parameters from your Teramind Dashboard:

1.1 Login to your Teramind Dashboard.

1.2 Click the Gear icon near the top-right corner of the dashboard, select Settings. Then, select the Security tab:

sso-1.png

1.3 Turn on the SINGLE-SIGN-ON AUTHENTICATION under the Dashboard authentication section. This will show additional options under the Single Sign On Authentication section.

1.4 Note/copy the information in the TERAMIND CALL BACK URL and TERAMIND ENTITY ID fields. You will need them to set up the OneLogin configuration in the next step.

Step 2: Create an Application and specify the Configuration settings

2.1 Log in to your OneLogin dashboard.

2.2 Click Administration from the top menu if you are not on the admin page already.

2.3 Go to Applications.

2.4 Click the Add App button near the top-right corner.

2.5 Type saml test in the search bar and press Enter. This will show a list of available apps. Select the SAML Test Connector (Advanced) from the list.

mceclip1__8_.png

2.6 Give your connector a Display Name, for example, ‘Teramind Dashboard’. You can also upload icons, add descriptions etc. from this page. Click the Save button when done:

mceclip2__6_.png

2.7 Go to the Configuration tab and fill out the settings according to the table below:

onelogin_2_new_marked.png

Field Name

Value

Audience (EntityID)

TERAMIND ENTITY URL value you captured in Step 1.4.

Recipient

TERAMIND CALLBACK URL value you captured in Step 1.4.

ACS (Consumer) URL

TERAMIND CALLBACK URL value you captured in Step 1.4.

Login URL

TERAMIND CALLBACK URL value you captured in Step 1.4.

SAML initiator

Select Service Provider from the drop-down list.

SAML nameID format

Select Email from the drop-down list.

SAML issue type

Select Specific from the drop-down list.

2.8 Click the Save button when done.

Step 3: Specify the Parameters settings

3.1 Click the Parameter tab and press the small ‘+’ button (this will open an Edit Field window).

mceclip3__2_.png

3.2 On the Edit Field window, in the Name field, type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress and press Enter. A Value option will appear. Select Email from the Value pull-down list.

Turn the Include in SAML assertion flag on.

Click the Save button to save the field:

mceclip4__1_.png

Make sure you turn on the Include in SAML assertion flag on the Edit Field window. Otherwise you will get an authentication error.

3.3 Repeat step 3.1-3.2 and add two more fields as follows:

3.4 Once you have added all the three fields, your screen should look like this:

mceclip5__3_.png

Step 4: Collect the SSO settings

4.1 Click the SSO tab.

4.2 Under the X.509 Certificate box, click View Details (you can right-click the link and open it in a new browser tab to avoid closing the SSO page):

mceclip6__2_.png

4.3 From the Certificates page, click the Copy to Clipboard icon located at the top-right corner of the X.509 Certificate box. Paste the text in Notepad or keep it somewhere safe. You will need it in Step 5.

mceclip8__1_.png

4.4 From the SSO page, copy the Issuer URL and SAML 2.0 Endpoint (HTTP) field values or write them down (you will need them in Step 5):

mceclip9__2_.png

Step 5: Specify the Identity Provider settings on the Teramind dashboard

5.1 Go back to your Teramind dashboard’s Security page (Gear > Settings > Security tab). Scroll to Single Sign On Authentication section:

sso-2.png

5.2 Fill out the three required settings according to the table below. You can also use the optional settings to fine-tune the configurations:

Field Name

Required?

Value

IDENTITY PROVIDER ENTITY ID

YES

Issuer URL value you captured in Step 4.4.

IDENTITY PROVIDER AUTHENTICATION URL

YES

SAML 2.0 Endpoint (HTTP) value you captured in Step 4.4.

IDENTITY PROVIDER CERTIFICATE

YES

The X.509 certificate value you copied in Step 4.3.

IDENTITY PROVIDER METADATA XML FILE

Optional

You can upload the identity provider SAML2 metadata XML file to simplify setup process.

SIGN AUTHORIZATION REQUESTS

Optional

Enable signature for SSO authentication requests and metadata.

WANT ASSERTIONS SIGNED

Optional

Indicates a requirement for the saml:Assertion elements received by this service provider to be signed. (It's an optional digital signature requirement, Teramind always check full saml:Response signature).

AUTOREGISTER NEW AGENTS

Optional

If this option is enabled and if no agent is found with the identity provider email, new agent can be created on login. Once you enable this option, you will set the default options for newly created agents such as, if the new agent/user will be able to playback their history, view activity reports, etc.

5.4 Click the SAVE button when done.

Okta

Step 1: Collect the Authentication settings from the Teramind Dashboard

First, you will need to collect two parameters from your Teramind Dashboard:

1.1 Login to your Teramind dashboard.

1.2 Click the Gear icon near the top-right corner of the dashboard, select Settings. Then, select the Security tab:

sso-1.png

1.3 Turn on the SINGLE-SIGN-ON AUTHENTICATION under the Dashboard authentication section. This will show additional options under the Single Sign On Authentication section.

1.4 Note/copy the information in the TERAMIND CALL BACK URL and TERAMIND ENTITY ID fields. You will need them to set up the Okta configuration in the next step.

Step 2: Create an Application

2.1 Log in to your Okta dashboard.

2.2 Click Admin from the top menu if you are not on the admin page already:

mceclip0__15_.png

2.3 Click the Applications main menu and select Applications from the drop-down menu:

mceclip1__9_.png

2.4 From the Applications screen, click the Add Applications button:

mceclip2__7_.png

2.5 From the Add Application screen, click the Create New App button:

mceclip3__3___1_.png

2.6 From the Create a New Application Integration pop-up window, select Web for the Platform and SAML 2.0 for the Sign on method options then click the Create button:

mceclip4__2_.png

Step 3: Create a SAML integration – General Settings

3.1 On the first tab, General Settings, enter an App Name, for example, ‘Teramind Dashboard’. You can also upload a logo, configure visibly etc. from this page. Click the Next button when done:

mceclip5__4_.png

Step 4: Create a SAML integration – Configure SAML

4.1 On the second tab, Configure SAML, you will see several GENERAL options. Configure them according to the table below:

mceclip6__3_.png

Field Name

Value

Single sign on URL

TERAMIND CALLBACK URL value you captured in Step 1.4. Also make sure the Use this for Recipient URL and Destination URL option is checked.

Audience URI (SP Entity ID)

TERAMIND ENTITY URL value you captured in Step 1.4.

Name ID format

Select EmailAddress from the drop-down list.

Application username

Select Email from the drop-down list.

Update application username on

Select Create and update from the drop-down list.

4.2 On the same screen, near the middle, you will see several ATTRIBUTE ELEMENTS options. Use the Add Another button to add three attributes and configure them according to the table below. Click the Next button when done:

mceclip7__1_.png

Step 5: Create a SAML integration – Feedback

5.1 On the last tab, Feedback, select I'm an Okta customer adding an internal app for the Are you a customer or partner? And, select This is an internal app that we have created for the App type option. Click the Finish button when done:

mceclip9__3_.png

Step 6: Collect the SSO settings

6.1 Once you finish the previous step, you will be taken to the Sing On tab automatically. If not, click the tab to select it. On this screen, you will see a warning message, ‘SAML 2.0 is not configured until you complete the setup instructions.’ and a View Setup Instructions button under the warning. Click the button:

mceclip10__3_.png

6.2 Once you finish the previous step, you will be taken to a new page. Copy the first three values, Identity Provider Single Sign-On URL, 2. Identity Provider Issuer and 3. X.509 Certificate. You will need it in Step 7 later:

mceclip11__1_.png

Step 7: Specify the Identity Provider settings on the Teramind dashboard

7.1 Go back to your Teramind dashboard.

7.2 Fill out the settings according to the table below:

mceclip10__4_.png

Field Name

Value

IDENTITY PROVIDER ENTITY ID

Identity Provider Issuer value you captured in Step 6.2.

IDENTITY PROVIDER AUTHENTICATION URL

Identity Provider Single Sign-On URL value you captured in Step 6.2.

IDENTITY PROVIDER CERTIFICATE

The X.509 certificate value you copied in Step 6.2.

7.3 From this page, you can also enable/disable AUTOREGISTER NEW AGENTS and default options for newly created agents.

7.4 Click the SAVE button when done.

Did this answer your question?