Trusona allows you to have a passwordless experience with many applications that support SAML 2.0 (Security Assertion Markup Language). If you do not see documentation for your application, that’s ok! You can use the information below in addition to your application’s SAML documentation to integrate with Trusona using an SP-initiated login.
- Trusona is considered IdP (identity provider)
- The application you are integrating Trusona with is considered the SP (service provider)
1. IdP (Identity Provider) Configurations
- Log into the Trusona Dashboard
- Click on SAML integrations
- Select ‘Create SAML Integration’
- Enter a name for your SAML integration
- If your Service Provider doesn’t sign requests, enter the Service Provider’s ACS URL in the Assertion Consumer Service URL field
- Upload the Service Provider’s certificate
- If your Service Provider doesn’t sign requests, you can skip this step
- Select ‘Save’
2. IdP (Identity Provider) Information
- On the SAML integrations page in the Trusona Dashboard, click ‘Actions’ next to the integration you just configured
- Select, Download Certificate
- Select Actions again
- Right click on ‘View Metadata XML’ and open link in a new tab
On the Metadata XML tab, note the following information for your service provider
- Entity ID
- This will be listed at the top of the XML and will have entityID= listed before the URL
- SSO URL
- Find ‘SingleSignOnService’ in the XML file. The SSO URL will be listed at the end of that line
3. SP (Service Provider) Configurations
Please refer to your Service Providers SAML configuration documentation.
- When asked for the IdP Entity ID, enter the Entity ID you grabbed from the XML file on Step 3.a.i.
- This may be labelled differently depending on your Service Provider.
- When asked for the SSO URL, enter the URL you grabbed from the XML file on step 3.b.i. This may be labelled differently depending on your Service Provider.
- Binding: We recommend using HTTP-POST. However, we also support HTTP-Redirect
- Signature Hash Algorithm: SHA-256
- If asked about signing the assertion or response, choose to sign the assertion
Here is an example SAML Response