Overview
Teramind allows you to authenticate to the Teramind Dashboard using external identity providers integrated via the SAML2 protocol.
We have provided instructions below to set up SSO with some of the most popular identity providers. Instructions for other providers are similar.
Note: a newly generated user will still need to set their password in order to make further changes or to log in when using the Teramind Revealed Agent.
Onelogin
Step 1: Collect the Authentication settings from the Teramind Dashboard
First, you will need to collect two parameters from your Teramind Dashboard:
1.1 Log in to your Teramind dashboard.
1.2 Click the Gear icon near the top-right corner of the dashboard, select Settings. Then, select the Security tab:
1.3 Turn on the SINGLE-SIGN-ON AUTHENTICATION to enable SSO under the Dashboard authentication section.
1.4 Note/copy the information in the TERAMIND CALL BACK URL and TERAMIND ENTITY ID. You will need them to set up the Onelogin configuration in the next step.
Step 2: Create an Application and specify the Configuration settings
2.1 Log in to your Onelogin dashboard.
2.2 Click Administration from the top menu if you are not on the admin page already.
2.3 Go to Applications.
2.4 Click the Add App button near the top-right corner.
2.5 Type saml test in the search bar and press Enter. This will show a list of available apps. Select the SAML Test Connector (Advanced) from the list.
2.6 Give your connector a Display Name, for example, ‘Teramind Dashboard’. You can also upload icons, add descriptions etc. from this page. Click the Save button when done:
2.7 Go to the Configuration tab and fill out the settings according to the table below:
| Field Name | Value |
|---|---|
| Audience (EntityID) | TERAMIND ENTITY URL value you captured in Step 1.4. |
| Recipient | TERAMIND CALLBACK URL value you captured in Step 1.4. |
| ACS (Consumer) URL | TERAMIND CALLBACK URL value you captured in Step 1.4. |
| Login URL | TERAMIND CALLBACK URL value you captured in Step 1.4. |
| SAML initiator | Select Service Provider from the drop-down list. |
| SAML nameID format | Select Email from the drop-down list. |
| SAML issue type | Select Specific from the drop-down list. |
2.8 Click the Save button when done.
Step 3: Specify the Parameters settings
3.1 Click the Parameter tab and press the small ‘+’ button (this will open an Edit Field window).
3.2 On the Edit Field window, in the Name field, type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress and press Enter. A Value option will appear. Select Email from the Value pull-down list. Turn the Include in SAML assertion flag on. Click the Save button to save the field:
Note: Make sure you turn on the Include in SAML assertion flag on the Edit Field window. Otherwise you will get an authentication error.
3.3 Repeat steps 3.1-3.2 and add two more fields as follows:

| Name | Value |
|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | First Name |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Last Name |

3.4 Once you have added all three fields, your screen should look like this:
Step 4: Collect the SSO settings
4.1 Click the SSO tab.
4.2 Under the X.509 Certificate box, click View Details (you can right-click the link and open it in a new browser tab to avoid closing the SSO page):
4.3 From the Certificates page, click the Copy to Clipboard icon located at the top-right corner of the X.509 Certificate box. Paste the text in Notepad or keep it somewhere safe. You will need it in Step 5.
4.4 From the SSO page, copy the Issuer URL and SAML 2.0 Endpoint (HTTP) field values or write them down (you will need them in Step 5):
Step 5: Specify the Identity Provider settings on the Teramind dashboard
5.1 Go back to your Teramind dashboard.
5.2 Fill out the settings according to the table below:
| Field Name | Value |
|---|---|
| IDENTITY PROVIDER ENTITY ID | Issuer URL value you captured in Step 4.4. |
| IDENTITY PROVIDER AUTHENTICATION URL | SAML 2.0 Endpoint (HTTP) value you captured in Step 4.4. |
| IDENTITY PROVIDER CERTIFICATE | The X.509 certificate value you copied in Step 4.3. |
5.3 From this page, you can also enable/disable AUTOREGISTER NEW AGENTS and default options for newly created agents.
5.4 Click the SAVE button when done.
Okta
Step 1: Collect the Authentication settings from the Teramind Dashboard
First, you will need to collect two parameters from your Teramind Dashboard:
1.1 Log in to your Teramind dashboard.
1.2 Click the Gear icon near the top-right corner of the dashboard, select Settings. Then, select the Security tab:
1.3 Turn on the SINGLE-SIGN-ON AUTHENTICATION to enable SSO under the Dashboard authentication section.
1.4 Note/copy the information in the TERAMIND CALL BACK URL and TERAMIND ENTITY ID. You will need them to set up the Okta configuration in the following steps.
Step 2: Create an Application
2.1 Log in to your Okta dashboard.
2.2 Click Admin from the top menu if you are not on the admin page already:
2.3 Click the Applications main menu and select Applications from the drop-down menu:
2.4 From the Applications screen, click the Add Applications button:
2.5 From the Add Application screen, click the Create New App button:
2.6 From the Create a New Application Integration pop-up window, select Web for the Platform and SAML 2.0 for the Sign on method options then click the Create button:
Step 3: Create a SAML integration – General Settings
3.1 On the first tab, General Settings, enter an App Name, for example, ‘Teramind Dashboard’. You can also upload a logo, configure visibility etc. from this page. Click the Next button when done:
Step 4: Create a SAML integration – Configure SAML
4.1 On the second tab, Configure SAML, you will see several GENERAL options. Configure them according to the table below:
| Field Name | Value |
|---|---|
| Single sign on URL | TERAMIND CALLBACK URL value you captured in Step 1.4. Also make sure the Use this for Recipient URL and Destination URL option is checked. |
| Audience URI (SP Entity ID) | TERAMIND ENTITY URL value you captured in Step 1.4. |
| Name ID format | Select EmailAddress from the drop-down list. |
| Application username | Select Email from the drop-down list. |
| Update application username on | Select Create and update from the drop-down list. |
4.2 On the same screen, near the middle, you will see several ATTRIBUTE ELEMENTS options. Use the Add Another button to add three attributes and configure them according to the table below. Click the Next button when done:
| Name | Name format | Value |
|---|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | Basic | user.email |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | Basic | user.firstName |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Basic | user.lastName |
Step 5: Create a SAML integration – Feedback
5.1 On the last tab, Feedback, select I'm an Okta customer adding an internal app for the Are you a customer or partner? option, and select This is an internal app that we have created for the App type option. Click the Finish button when done:
Step 6: Collect the SSO settings
6.1 Once you finish the previous step, you will be taken to your app’s page. You should be on the Sign On tab automatically. If not, click the tab to select it. On this screen, you will see a warning message, ‘SAML 2.0 is not configured until…’ and a View Setup Instructions button under the warning. Click the button:
6.2 Once you finish the previous step, you will be taken to a new page. Copy the first three values: 1. Identity Provider Single Sign-On URL, 2. Identity Provider Issuer and 3. X.509 Certificate. You will need them in Step 7 later:
Step 7: Specify the Identity Provider settings on the Teramind dashboard
7.1 Go back to your Teramind dashboard.
7.2 Fill out the settings according to the table below:
| Field Name | Value |
|---|---|
| IDENTITY PROVIDER ENTITY ID | Identity Provider Issuer value you captured in Step 6.2. |
| IDENTITY PROVIDER AUTHENTICATION URL | Identity Provider Single Sign-On URL value you captured in Step 6.2. |
| IDENTITY PROVIDER CERTIFICATE | The X.509 certificate value you copied in Step 6.2. |
7.3 From this page, you can also enable/disable AUTOREGISTER NEW AGENTS and default options for newly created agents.
7.4 Click the SAVE button when done.