Integrating Trusona and Beyond Trust

This guide details the steps required to configure Trusona as a passwordless authentication solution with Beyond Trust Password Safe.

1. Getting started

1.1. Generate Service Provider Certificate

  1. Create a personal information exchange (.pfx) certificate and a public certificate for the BeyondInsight service provider.
  2. Place them both in the following folder on the UVM: C:\Program Files (x86)\eEye Digital Security\Retina CS\WebSiteSAML\Certificates
  3. Save a copy of the public certificate to send to Trusona

1.2. Email Trusona

Send an email to support@trusona.com with the following information:

Subject: Beyond Trust Integration

  • Required:
    • Service Provider public certificate
    • Company name

1.3. Returned by Trusona

Trusona will send you the following via email:

  • Single Sign-on Service URL
  • Single Logout Service URL
  • Partner Certificate File
  • Trusona login page

2. Configuration

2.1. Service Provider configuration

  1. Log in to the Beyond Trust server
  2. Copy Trusona’s Partner Certificate File (trusona.cer) to C:\Program Files (x86)\eEye Digital Security\Retina CS\WebSiteSAML\Certificates
  3. Open saml.config located at C:\Program Files (x86)\eEye Digital Security\Retina CS\WebSiteSAML\saml.config
  4. Edit the <ServiceProvider> entry to match the following:
  <ServiceProvider Name="https://[YOUR HOST NAME]/eEye.RetinaCSSAML"
                   Description="BeyondTrust Service Provider"
                   AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"
                   LocalCertificateFile="Certificates\sp.pfx"
                   LocalCertificatePassword="[YOUR CERTIFICATE PASSWORD]"/>

2.2. Partner Identity Provider configuration

  1. Copy the Partner Certificate file received from Trusona to C:\Program Files (x86)\eEye Digital Security\Retina CS\WebSiteSAML\Certificates\trusona.crt
  2. Edit saml.config to add the following:
  <PartnerIdentityProviders>
    <!-- Trusona -->
    <PartnerIdentityProvider Name="https://gateway.trusona.net/saml/metadata"
                             Description="Trusona"
                             SignAuthnRequest="true"
                             SignLogoutRequest="true"
                             WantSAMLResponseSigned="false"
                             WantAssertionSigned="true"
                             WantAssertionEncrypted="true"
                             WantLogoutResponsesSigned="true"
                             SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                             SingleSignOnServiceUrl="https://[Single Sign-on Service URL provided by Trusona]"
                             SingleLogoutServiceUrl="https://[YOUR HOST NAME]/homepage.html"
                             PartnerCertificateFile="Certificates\trusona.crt"/>
  </PartnerIdentityProviders>

2.3. Partner IdP configuration

  1. Open the web.config file located at C:\Program Files (x86)\eEye Digital Security\Retina CS\WebSiteSAML\web.config
  2. Edit the PartnerIdP key and set it to the following:
  <add key="PartnerIdP" value="https://gateway.trusona.net/saml/metadata" />

Save web.config and saml.config and restart the Beyond Trust service.
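
A consistency check for the settings from sections 2.1 to 2.3, as an added example that is not part of the Trusona or BeyondTrust material: it confirms that the PartnerIdP key resolves to a configured identity provider, that a signature is required on the response or the assertion, that no placeholder URL is left in, and that each referenced certificate file is actually present in the Certificates folder (section 2.1 names the partner certificate trusona.cer, while saml.config references trusona.crt). The root elements, the host name, the function names and the cert_files parameter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files: root elements and host name are assumptions; the
# attributes are the ones this guide sets, placeholder URL left in on purpose.
SAML_CONFIG = r"""<SAMLConfiguration>
  <ServiceProvider Name="https://pam.example.test/eEye.RetinaCSSAML"
                   LocalCertificateFile="Certificates\sp.pfx"/>
  <PartnerIdentityProviders>
    <PartnerIdentityProvider Name="https://gateway.trusona.net/saml/metadata"
        SignAuthnRequest="true" WantSAMLResponseSigned="false"
        WantAssertionSigned="true" WantAssertionEncrypted="true"
        SingleSignOnServiceUrl="https://[Single Sign-on Service URL provided by Trusona]"
        PartnerCertificateFile="Certificates\trusona.crt"/>
  </PartnerIdentityProviders>
</SAMLConfiguration>"""
WEB_CONFIG = """<configuration><appSettings>
  <add key="PartnerIdP" value="https://gateway.trusona.net/saml/metadata" />
</appSettings></configuration>"""

def _find(root, name):
    # Match on local name so a default XML namespace does not hide elements.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _on(elem, attr):
    return (elem.get(attr) or "").lower() == "true"

def check_saml_settings(saml_xml, web_xml, cert_files):
    """Return findings; cert_files = file names present in the Certificates folder."""
    saml, web = ET.fromstring(saml_xml), ET.fromstring(web_xml)
    sp = (_find(saml, "ServiceProvider") or [ET.Element("missing")])[0]
    idps = {e.get("Name"): e for e in _find(saml, "PartnerIdentityProvider")}
    findings = []
    for add in _find(web, "add"):
        if add.get("key") == "PartnerIdP" and add.get("value") not in idps:
            findings.append(f"PartnerIdP {add.get('value')!r} has no PartnerIdentityProvider entry")
    for name, idp in idps.items():
        if not (_on(idp, "WantAssertionSigned") or _on(idp, "WantSAMLResponseSigned")):
            findings.append(f"{name}: unsigned responses and assertions would be accepted")
        needs_key = _on(idp, "SignAuthnRequest") or _on(idp, "WantAssertionEncrypted")
        if needs_key and not sp.get("LocalCertificateFile"):
            findings.append(f"{name}: signing and decryption need LocalCertificateFile")
        sso = idp.get("SingleSignOnServiceUrl") or ""
        if not sso.startswith("https://") or "[" in sso:
            findings.append(f"{name}: SingleSignOnServiceUrl is not a final https URL")
        for elem, attr in ((sp, "LocalCertificateFile"), (idp, "PartnerCertificateFile")):
            path = elem.get(attr) or ""
            if path.replace("\\", "/").rsplit("/", 1)[-1] not in cert_files:
                findings.append(f"{name}: {attr} {path!r} not found in Certificates")
    return findings
```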

2.4. Trusona login page

  1. Copy the Trusona login page received from Trusona to C:\inetpub\wwwroot
  2. Name the file homepage.html
    1. This file should match the name used as the SingleLogoutServiceUrl in “Partner Identity Provider configuration”

3. Testing the integration

  1. Visit https://[YOUR HOST NAME]/homepage.html
  2. Click the Login with Trusona button
  3. Scan the TruCode with the Trusona App
  4. Accept the Trusonafication

You’ve been logged in!

