How to setup Single Sign On (SSO) authentication

Help Topics

 

Overview

Teramind allows you to authenticate to the Teramind Dashboard using external identity providers integrated via SAML2 protocol.

We have provided instructions to setup SSO with some of the most popular identity provider below. Instructions for other providers are similar.

Onelogin

Step 1: Collect the Authentication settings from the Teramind Dashboard

First, you will need to collect two parameters from your Teramind Dashboard:

1.1 Login to your Teramind dashboard.

1.2 Click the Gear  icon near the top-right corner of the dashboard, select Settings. Then, select the Security tab:

1.3 Turn on the SINGLE-SIGN-ON AUTHENTICATION to enable SSO under the Dashboard authentication section.

1.4 Note/copy the information in the TERAMIND CALL BACK URL and TERAMIND ENTITY ID. You will need them to set up the Onelogin configuration in the next step.

Step 2: Create an Application and specify the Configuration settings

2.1 Log in to your Onelogin dashboard.

2.2 Click Administration from the top menu if you are not on the admin page already.

2.3 Go to Applications.

2.4 Click the Add App button near the top-right corner.

2.5 Type saml test in the search bar and press Enter. This will show a list of available apps. Select the SAML Test Connector (Advanced) from the list.

2.6 Give your connector a Display Name, for example, ‘Teramind Dashboard’. You can also upload icons, add descriptions etc. from this page. Click the Save button when done:

2.7 Go to the Configuration tab and fill out the settings according to the table below:

 

Field Name	Value
Audience (EntityID)	TERAMIND ENTITY URL value you captured in Step 1.4.
Recipient	TERAMIND CALLBACK URL value you captured in Step 1.4.
ACS (Consumer) URL	TERAMIND CALLBACK URL value you captured in Step 1.4.
Login URL	TERAMIND CALLBACK URL value you captured in Step 1.4.
SAML initiator	Select Service Provider from the drop-down list.
SAML nameID format	Select Email from the drop-down list.
SAML issue type	Select Specific from the drop-down list.

2.8 Click the Save button when done.

 

Step 3: Specify the Parameters settings

3.1 Click the Parameter tab and press the small ‘+’ button (this will open an Edit Field window).

3.2 On the Edit Field window, in the Name field, type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress and press Enter. A Value option will appear. Select Email from the Value pull-down list.

Turn the Include in SAML assertion flag on.

Click the Save button to save the field:

3.3 Repeat step 3.1-3.2 and add two more fields as follows:

Name	Value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname	First Name
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname	Last Name

3.4 Once you have added all the three fields, your screen should look like this:

 

Step 4: Collect the SSO settings

4.1 Click the SSO tab.

4.2 Under the X.509 Certificate box, click View Details (you can right-click the link and open it in a new browser tab to avoid closing the SSO page):

4.3 From the Certificates page, click the Copy to Clipboard icon located at the top-right corner of the X.509 Certificate box. Paste the text in Notepad or keep it somewhere safe. You will need it in Step 5.

4.4 From the SSO page, copy the Issuer URL and SAML 2.0 Endpoint (HTTP) field values or write them down (you will need them in Step 5):

Step 5: Specify the Identity Provider settings on the Teramind dashboard

5.1 Go back to your Teramind dashboard.

5.2 Fill out the settings according to the table below:

Field Name	Value
IDENTITY PROVIDER ENTITY ID	Issuer URL value you captured in Step 4.4.
IDENTITY PROVIDER AUTHENTICATION URL	SAML 2.0 Endpoint (HTTP) value you captured in Step 4.4.
IDENTITY PROVIDER CERTIFICATE	The X.509 certificate value you copied in Step 4.3.

5.3 From this page, you can also enable/disable AUTOREGISTER NEW AGENTS and default options for newly created agents.

5.4 Click the SAVE button when done.

 

Okta

Step 1: Collect the Authentication settings from the Teramind Dashboard

First, you will need to collect two parameters from your Teramind Dashboard:

1.1 Login to your Teramind dashboard.

1.2 Click the Gear  icon near the top-right corner of the dashboard, select Settings. Then, select the Security tab:

1.3 Turn on the SINGLE-SIGN-ON AUTHENTICATION to enable SSO under the Dashboard authentication section.

1.4 Note/copy the information in the TERAMIND CALL BACK URL and TERAMIND ENTITY ID. You will need them to set up the Onelogin configuration in the next step.

 

Step 2: Create an Application

2.1 Log in to your Okta dashboard.

2.2 Click Admin from the top menu if you are not on the admin page already:

2.3 Click the Applications main menu and select Applications from the drop-down menu:

2.4 From the Applications screen, click the Add Applications button:

2.5 From the Add Application screen, click the Create New App button:

2.6 From the Create a New Application Integration pop-up window, select Web for the Platform and SAML 2.0 for the Sign on method options then click the Create button:

 

Step 3: Create a SAML integration – General Settings

3.1 On the first tab, General Settings, enter an App Name, for example, ‘Teramind Dashboard’. You can also upload a logo, configure visibly etc. from this page. Click the Next button when done:

 

Step 4: Create a SAML integration – Configure SAML

4.1 On the second tab, Configure SAML, you will see several GENERAL options. Configure them according to the table below:

Field Name	Value
Single sign on URL	TERAMIND CALLBACK URL value you captured in Step 1.4. Also make sure the Use this for Recipient URL and Destination URL option is checked.
Audience URI (SP Entity ID)	TERAMIND ENTITY URL value you captured in Step 1.4.
Name ID format	Select EmailAddress from the drop-down list.
Application username	Select Email from the drop-down list.
Update application username on	Select Create and update from the drop-down list.

4.2 On the same screen, near the middle, you will see several ATTRIBUTE ELEMENTS options. Use the Add Another button to add three attributes and configure them according to the table below. Click the Next button when done:

Name	Name format	Value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress	Basic	user.email
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname	Basic	user.firstName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname	Basic	user.lastName

 

Step 5: Create a SAML integration – Feedback

5.1 On the last tab, Feedback, select I'm an Okta customer adding an internal app for the Are you a customer or partner? And, select This is an internal app that we have created for the App type option. Click the Finish button when done:

 

Step 6: Collect the SSO settings

6.1 Once you finish the previous step, you will be taken to your app’s page and the. You should be on the Sing On tab automatically. If not, click the tab to select it. On this screen, you will see a warning message, ‘SAML 2.0 is not configured until…’ and a View Setup Instructions button under the warning. Click the button:

6.2 Once you finish the previous step, you will be taken to a new page. Copy the first three values, Identity Provider Single Sign-On URL, 2. Identity Provider Issuer and 3. X.509 Certificate. You will need it in Step 7 later:

 

Step 7: Specify the Identity Provider settings on the Teramind dashboard

7.1 Go back to your Teramind dashboard.

7.2 Fill out the settings according to the table below:

Field Name	Value
IDENTITY PROVIDER ENTITY ID	Identity Provider Issuer value you captured in Step 6.2.
IDENTITY PROVIDER AUTHENTICATION URL	Identity Provider Single Sign-On URL value you captured in Step 6.2.
IDENTITY PROVIDER CERTIFICATE	The X.509 certificate value you copied in Step 6.2.

7.3 From this page, you can also enable/disable AUTOREGISTER NEW AGENTS and default options for newly created agents.

7.4 Click the SAVE button when done.