This document is intended to assist customers in configuring SAML-based Single-Sign-On with their TerraTrue instance when using OneLogin as their identity provider. For more information about the methods of authentication supported by TerraTrue, please visit this help article.
Configuring SSO requires changes on the TerraTrue side as well as changes on your OneLogin identity provider.
For those very experienced with administering SSO, here’s the gist:
- Install the TerraTrue app in OneLogin
- Provide us the Issuer URL from that TerraTrue app.
- We’ll provide you with a unique SSO ID to configure in the same TerraTrue app and you’ll then be able to login with SSO.
- Once it is all working, reach out to us again to make SSO your exclusive means of authentication should you like us to do so.
For those less familiar with administering SSO, here are step-by-step instructions on how to configure it.
Step 1: Install the TerraTrue application on your OneLogin instance
From your OneLogin Administration panel, click on the Applications menu and select the Applications entry. You will see the following screen where you’ll click on Add App on the top right corner.
Type TerraTrue in the search box and you will see the following screen from which you’ll then install the TerraTrue application.
Step 2: Gather information from the TerraTrue application in OneLogin
We require one piece of information unique to your own installation in the TerraTrue app in OneLogin, namely the Issuer URL. From that URL, we are able to extract all the necessary configuration elements.
To obtain the Issuer URL, access the TerraTrue app in OneLogin, select SSO from the left side-bar and copy the Issuer URL seen on the ensuing page.
Step 3: Configure the TerraTrue application in OneLogin
When you reach out to us, we’ll provide you with a unique token called the “TerraTrue unique SSO ID.” You’ll need to enter this token in your TerraTrue app on OneLogin under the Configuration tab. Please refer to the image below with a sample token added.
Step 4: Test logging in with SSO
Once you save the TerraTrue application, test that it works with SSO by performing a login from OneLogin.
Then also attempt the same by performing a login from the TerraTrue web-application at http://launch.terratrue.com. You will be prompted for your email address and once you provide it and click ‘Next,’ you will see a button to login with your SSO provider. Ensure it’s successful.
Step 5: Make SSO mandatory
Once you deploy the TerraTrue app to your users and they are able to login through SSO, please let us know, and notify us whether you would like to make SSO mandatory, thereby disabling password login should it be enabled. Note that for now, we cannot disable Google sign-in.