Configuring Single Sign-On with OneLogin

Overview

  For information on authentication methods supported by TerraTrue , see How do I add and update users?

TerraTrue allows you to configure SAML-based Single Sign-On (SSO) with your TerraTrue instance by using OneLogin as your identity provider. Configuring SSO will require changes on the TerraTrue side as well as changes on your OneLogin identity provider.

Quick configuration guide

For those very experienced with administering SSO, here's the a quick breakdown:

  1. Install the TerraTrue app in OneLogin
  2. Provide us the Issuer URL from that TerraTrue app
  3. We'll provide you with a unique SSO ID to configure in the same TerraTrue app and you'll then be able to login with SSO
  4. Once it is all working, reach out to us again to make SSO your exclusive means of authentication should you like us to do so

Detailed configuration guide

For those less familiar with administering SSO, here are step-by-step instructions on how to configure OneLogin and TerraTrue:

Install the TerraTrue application on your OneLogin instance

  1. From your OneLogin Administration panel, find the Applications menu and select the Applications entry. You will see the following screen where you'll click on Add App on the top right corner.Add applications page.
  2. Enter "TerraTrue" in the search box to surface the following screen, from which you’ll install the TerraTrue application:
    App configuration page.

Gather information from the TerraTrue application in OneLogin

  1. TerraTrue requires one piece of information unique to your own installation in the TerraTrue app in OneLogin, namely the Issuer URL. From that URL, we are able to extract all the necessary configuration elements.
  2. To obtain the Issuer URL, access the TerraTrue app in OneLogin, select SSO from the left side-bar and copy the Issuer URL seen on the ensuing page
    SSO url page.
  3. Once you have that URL, send it to us at support@terratrue.com

Configure the TerraTrue application in OneLogin

  1. When you reach out to us, we’ll provide you with a unique token called the "TerraTrue unique SSO ID."
  2. Enter this token in your TerraTrue app on OneLogin under the Configuration tab. Refer to the image below with a sample token added:

Find applications page with TerraTrue shown.

Test logging in with SSO

  1. Once you save the TerraTrue application, test that it works with SSO by performing a login from OneLogin
  2. Run a second test by performing a login from the TerraTrue web-application at http://launch.terratrue.com.
  3. Provide your email address, and click Next
  4. You'll see a button to login with your SSO provider. Ensure it’s successful.

Make SSO mandatory

  1. Once you deploy the TerraTrue app to your users and they are able to login through SSO, please let us know, and notify us whether you'd like to make SSO mandatory, thereby disabling password login should it be enabled.
  2. Note that for now, TerraTrue cannot disable Google sign-in.