How to set up Single Sign-On (SSO) authentication

Overview

Teramind allows you to authenticate to the Teramind Dashboard using external identity providers integrated via the SAML 2.0 protocol.

We have provided instructions to set up SSO with some of the most popular identity providers below. Instructions for other providers are similar.

Note that a newly generated user will still need to set their password in order to make further changes or to log in when using the Teramind Revealed Agent.

Onelogin

Step 1: Collect the Authentication settings from the Teramind Dashboard

First, you will need to collect two parameters from your Teramind Dashboard:

1.1 Log in to your Teramind dashboard.

1.2 Click the Gear icon near the top-right corner of the dashboard and select Settings. Then, select the Security tab.

1.3 Turn on the SINGLE-SIGN-ON AUTHENTICATION to enable SSO under the Dashboard authentication section.

1.4 Note/copy the information in the TERAMIND CALL BACK URL and TERAMIND ENTITY ID. You will need them to set up the Onelogin configuration in the next step.

Step 2: Create an Application and specify the Configuration settings

2.1 Log in to your Onelogin dashboard.

2.2 Click Administration from the top menu if you are not on the admin page already.

2.3 Go to Applications.

2.4 Click the Add App button near the top-right corner.

2.5 Type saml test in the search bar and press Enter. This will show a list of available apps. Select the SAML Test Connector (Advanced) from the list.

2.6 Give your connector a Display Name, for example, ‘Teramind Dashboard’. You can also upload icons, add descriptions etc. from this page. Click the Save button when done:

2.7 Go to the Configuration tab and fill out the settings according to the table below:

| Field Name | Value |
|---|---|
| Audience (EntityID) | TERAMIND ENTITY URL value you captured in Step 1.4. |
| Recipient | TERAMIND CALLBACK URL value you captured in Step 1.4. |
| ACS (Consumer) URL | TERAMIND CALLBACK URL value you captured in Step 1.4. |
| Login URL | TERAMIND CALLBACK URL value you captured in Step 1.4. |
| SAML initiator | Select Service Provider from the drop-down list. |
| SAML nameID format | Select Email from the drop-down list. |
| SAML issue type | Select Specific from the drop-down list. |

2.8 Click the Save button when done.

Step 3: Specify the Parameters settings

3.1 Click the Parameter tab and press the small ‘+’ button (this will open an Edit Field window).

3.2 On the Edit Field window, in the Name field, type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress and press Enter. A Value option will appear. Select Email from the Value pull-down list.

Turn the Include in SAML assertion flag on.

Click the Save button to save the field:

Make sure you turn on the Include in SAML assertion flag on the Edit Field window. Otherwise you will get an authentication error.

3.3 Repeat steps 3.1-3.2 and add two more fields as follows:

| Name | Value |
|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | First Name |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Last Name |

3.4 Once you have added all three fields, the Parameters tab should list the three claim names with their values.

Step 4: Collect the SSO settings

4.1 Click the SSO tab.

4.2 Under the X.509 Certificate box, click View Details (you can right-click the link and open it in a new browser tab to avoid closing the SSO page):

4.3 From the Certificates page, click the Copy to Clipboard icon located at the top-right corner of the X.509 Certificate box. Paste the text in Notepad or keep it somewhere safe. You will need it in Step 5.

4.4 From the SSO page, copy the Issuer URL and SAML 2.0 Endpoint (HTTP) field values or write them down (you will need them in Step 5):

Step 5: Specify the Identity Provider settings on the Teramind dashboard

5.1 Go back to your Teramind dashboard.

5.2 Fill out the settings according to the table below:

| Field Name | Value |
|---|---|
| IDENTITY PROVIDER ENTITY ID | Issuer URL value you captured in Step 4.4. |
| IDENTITY PROVIDER AUTHENTICATION URL | SAML 2.0 Endpoint (HTTP) value you captured in Step 4.4. |
| IDENTITY PROVIDER CERTIFICATE | The X.509 certificate value you copied in Step 4.3. |

5.3 From this page, you can also enable/disable AUTOREGISTER NEW AGENTS and default options for newly created agents.

5.4 Click the SAVE button when done.

Okta

Step 1: Collect the Authentication settings from the Teramind Dashboard

First, you will need to collect two parameters from your Teramind Dashboard:

1.1 Log in to your Teramind dashboard.

1.2 Click the Gear icon near the top-right corner of the dashboard and select Settings. Then, select the Security tab.

1.3 Turn on the SINGLE-SIGN-ON AUTHENTICATION to enable SSO under the Dashboard authentication section.

1.4 Note/copy the information in the TERAMIND CALL BACK URL and TERAMIND ENTITY ID. You will need them to set up the Okta configuration in the following steps.

Step 2: Create an Application

2.1 Log in to your Okta dashboard.

2.2 Click Admin from the top menu if you are not on the admin page already:

2.3 Click the Applications main menu and select Applications from the drop-down menu:

2.4 From the Applications screen, click the Add Applications button:

2.5 From the Add Application screen, click the Create New App button:

2.6 From the Create a New Application Integration pop-up window, select Web for the Platform and SAML 2.0 for the Sign on method options then click the Create button:

Step 3: Create a SAML integration – General Settings

3.1 On the first tab, General Settings, enter an App Name, for example, ‘Teramind Dashboard’. You can also upload a logo, configure visibility, etc. from this page. Click the Next button when done.

Step 4: Create a SAML integration – Configure SAML

4.1 On the second tab, Configure SAML, you will see several GENERAL options. Configure them according to the table below:

| Field Name | Value |
|---|---|
| Single sign on URL | TERAMIND CALLBACK URL value you captured in Step 1.4. Also make sure the Use this for Recipient URL and Destination URL option is checked. |
| Audience URI (SP Entity ID) | TERAMIND ENTITY URL value you captured in Step 1.4. |
| Name ID format | Select EmailAddress from the drop-down list. |
| Application username | Select Email from the drop-down list. |
| Update application username on | Select Create and update from the drop-down list. |

4.2 On the same screen, near the middle, you will see several ATTRIBUTE ELEMENTS options. Use the Add Another button to add three attributes and configure them according to the table below. Click the Next button when done:

| Name | Name format | Value |
|---|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | Basic | user.email |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | Basic | user.firstName |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Basic | user.lastName |

Step 5: Create a SAML integration – Feedback

5.1 On the last tab, Feedback, select I'm an Okta customer adding an internal app for the Are you a customer or partner? option, and select This is an internal app that we have created for the App type option. Click the Finish button when done.

Step 6: Collect the SSO settings

6.1 Once you finish the previous step, you will be taken to your app’s page. You should be on the Sign On tab automatically. If not, click the tab to select it. On this screen, you will see a warning message, ‘SAML 2.0 is not configured until…’ and a View Setup Instructions button under the warning. Click the button.

6.2 Once you finish the previous step, you will be taken to a new page. Copy the first three values: 1. Identity Provider Single Sign-On URL, 2. Identity Provider Issuer and 3. X.509 Certificate. You will need them in Step 7 later.

Step 7: Specify the Identity Provider settings on the Teramind dashboard

7.1 Go back to your Teramind dashboard.

7.2 Fill out the settings according to the table below:

| Field Name | Value |
|---|---|
| IDENTITY PROVIDER ENTITY ID | Identity Provider Issuer value you captured in Step 6.2. |
| IDENTITY PROVIDER AUTHENTICATION URL | Identity Provider Single Sign-On URL value you captured in Step 6.2. |
| IDENTITY PROVIDER CERTIFICATE | The X.509 certificate value you copied in Step 6.2. |

7.3 From this page, you can also enable/disable AUTOREGISTER NEW AGENTS and default options for newly created agents.

7.4 Click the SAVE button when done.
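
The settings in both the Onelogin and Okta procedures above determine what the identity provider puts in the SAML assertion: the Audience and Recipient must match the Teramind entity ID and callback URL, the NameID must be in email format, and the three claim attributes must be included. The following check is an added example, not part of Teramind's product or documentation; it compares a decoded assertion against those settings and reports each mismatch. The sp.example URLs and the sample assertion are constructed placeholders, and the script does not verify the XML signature against the X.509 certificate.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + n for n in ("emailaddress", "givenname", "surname")]
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_assertion(xml_text, entity_id, callback_url):
    """List config mismatches in a decoded assertion; signature is NOT verified."""
    root = ET.fromstring(xml_text)
    problems = []
    # Audience must equal the service provider's entity ID.
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if audience != entity_id:
        problems.append(f"Audience {audience!r} does not match entity ID")
    # Recipient must equal the callback (ACS) URL.
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient", "") if scd is not None else ""
    if recipient != callback_url:
        problems.append(f"Recipient {recipient!r} does not match callback URL")
    # NameID must use the email format selected in the IdP configuration.
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    # Each required claim must be present with a non-empty value.
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)
               if a.findtext("saml:AttributeValue", default="", namespaces=NS).strip()}
    problems += [f"missing attribute {n}" for n in REQUIRED if n not in present]
    return problems

# Constructed sample: hypothetical SP URLs, surname attribute left out.
SP_ENTITY_ID = "https://sp.example/entity"
SP_CALLBACK = "https://sp.example/callback"
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">ana@example.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{SP_CALLBACK}"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="{CLAIMS}emailaddress">
   <saml:AttributeValue>ana@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}givenname">
   <saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE, SP_ENTITY_ID, SP_CALLBACK):
        print(problem)
```

An empty result means the assertion carries everything the settings above call for; the sample reports the missing surname claim, which is the situation the Include in SAML assertion note describes.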

 

 
