- 1. Prerequisites
- 2. Configuring SAML in the Trusona Dashboard
- 3. Configuring SAML in Keeper
- 4. Configuring the Trusona Dashboard
1. Prerequisites
Before proceeding, ensure that you have the following:
- Access to the Keeper Admin Console.
- Admin access to the Trusona Dashboard. If your company does not have an account, visit the Trusona Dashboard to create one. Otherwise, consult with the owner of your company’s Trusona Dashboard account in order to create the integration.
2. Configuring SAML in the Trusona Dashboard
2.1. Create the SAML Integration
- Navigate to the Trusona Dashboard and log into your account.
- From your Trusona account dashboard, select ‘Generic SAML’ on the left-hand navigation.
- On the Generic SAML Integrations page, click on ‘Create SAML Integration’.
- Enter the following information:
  - Name: Name of your integration
- Select ‘Save’. You will be redirected back to the Generic SAML Integrations page.
2.2. Download the Trusona Metadata as an XML
- Find your newly created SAML integration, click on the ‘Actions’ button to the right, and select ‘Download Certificate’ and ‘View metadata XML’.
- Save the page as an XML.
- Click ‘Save’ at the bottom.
3. Configuring SAML in Keeper
3.1. Setting up the Node
- Log in to the Keeper Admin Console.
- Once logged in, click on the ‘Admin’ menu and create a new node.
- Add the node, then visit ‘Provisioning’ and click Add Method.
- Select ‘Single Sign-On with SSO Connect Cloud’ then click ‘Next’ in the bottom right corner.
Configuration Name: This is for internal Keeper use only. Users will not see this.
Enterprise Domain: This is the outward facing name. Users may use this when creating an account.
Just-In-Time Provisioning: Optional: Clicking the checkbox will allow users to create accounts in the node by typing in the Enterprise Domain name when signing up.
Click ‘Save’ and the ‘Edit Configuration’ page will show.
Under the dropdown for ‘IDP Type’ select ‘Generic’.
Upload the XML saved from the Trusona Dashboard to the ‘SAML Metadata’ field.
- Under ‘Identity Provider Attribute Mappings’ enter the following:
  - First Name: given_name
  - Last Name: name
  - Email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
3.2. Copying SAML Information from Keeper
- From the ‘Edit Configuration’ page, click the back button.
- Click on the three dots under ‘Edit’ and then ‘View’.
- Take note of the following URLs below ‘Service Provider’:
  - IDP Initiated Login Endpoint
  - Assertion Consumer Service (ACS) Endpoint
  - Single Logout Service (SLO) Endpoint
3.3. Downloading the Keeper SP Certificate
- Select the ‘Export SP Cert’ button to download the certificate at the top of the page.
3.4. Syncing Keeper
- Click on the back arrow to the left on ‘Single Sign-On with SSO Connect Cloud’.
- From the Admin page, click on the ‘Quick Sync’ button in the top right corner and select ‘Full Sync’.
Please refer to Keeper’s documentation for troubleshooting.
4. Configuring the Trusona Dashboard
4.1. Uploading the Certificate
- Log into the Trusona Dashboard.
- Select ‘Generic SAML’ on the left-hand navigation.
- Locate the integration you previously created (step 2.1) and select ‘Actions’.
- Select ‘Edit’.
- Upload the certificate that was downloaded from Keeper by clicking the ‘Choose File’ button under ‘Certificate’ and selecting the .cert file.
4.2. Inputting SAML Information from Keeper into Trusona
- Enter the information from step 3.2 into your integration in the Trusona Dashboard.
  - Assertion consumer service URL: Assertion Consumer Service (ACS) Endpoint
  - Starting URL: IDP Initiated Login Endpoint
  - Single logout URL: Single Logout Service (SLO) Endpoint
- Click ‘Save’.