Integrating Trusona and Mattermost

This guide details the steps required to configure Trusona as a passwordless authentication solution for Mattermost.

1. Getting started

1.1. Step 1: Gather data

  1. Log into Mattermost as an Admin
  2. Navigate to the “System Console”
  3. Click “SAML 2.0” in the Authentication section of the “System Console”
  4. Copy the value in the field named “Service Provider Login URL.” This is also known as the Assertion Consumer Service URL and will be sent to Trusona in step 2.

1.2. Step 2: Email Trusona

Send an email to support@trusona.com with the following information:

Subject: Mattermost Integration

  • Required:
    • Company name
    • Email domain(s) associated with your Mattermost users (e.g. yourcompany.com)
    • Service Provider Login URL from step 1
  • Optional:
    • A vanity URL you would like users to see when using Trusona to log in to Mattermost (e.g. https://mattermost.yourcompany.com)

1.2.1. Sent by Trusona

Trusona will send you the following via email:

  • SAML SSO URL
  • Identity Provider Issuer URL
  • Identity Provider Public Certificate

1.3. Step 3: Configuring SAML

  1. Log into Mattermost as an Admin
  2. Navigate to the “System Console”
  3. Click “SAML 2.0” in the Authentication section of the “System Console”

1.3.1. SAML 2.0 settings

  1. Set “Enable Login With SAML 2.0” to “true”
  2. Set “Enable Synchronizing SAML Accounts with AD/LDAP” to “false”
  3. Set “Override SAML bind data with AD/LDAP information” to “false”
  4. Enter the value provided by Trusona for the “SAML SSO URL” field
  5. Enter the value provided by Trusona for the “Identity Provider Issuer URL” field
  6. Upload the certificate provided by Trusona as the “Identity Provider Public Certificate”
  7. Set “Verify Signature” to “false”
  8. Enter “email” for both the “Email Attribute” and “Username Attribute” fields
  9. Leave the other attribute fields blank
  10. Click “Save”

1.4. Step 4: Testing the integration

  1. Open a new private browsing window
  2. Navigate to your Mattermost instance
  3. Login with Trusona

1.5. Vanity URL setup

Add a new CNAME DNS record for your domain.

  1. Set the “host” value to the URL you’d like users to see when logging in
  2. Set the “Answer” value to ssl.trusona.net
  3. Set the TTL to 300

Here’s an example of a CNAME answer when retrieved by dig tada.trusona.com.

tada.trusona.com. 3600 IN CNAME ssl.trusona.net.
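
One way to check the vanity record from a shell, as an added example that is not part of Trusona's guide. The helper name check_cname and its exit codes are assumptions made here; it reads `dig +noall +answer` output on stdin and compares the CNAME target with ssl.trusona.net.

```shell
#!/bin/sh
# Added example: check_cname is a hypothetical helper, not a Trusona tool.
# Reads answer lines in dig's format (name TTL class type target) on stdin.
# Exit status: 0 = CNAME matches, 1 = CNAME points elsewhere, 2 = no CNAME.

normalize() {
    # Lower-case and drop one trailing dot so "SSL.Trusona.net." compares
    # equal to "ssl.trusona.net".
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

check_cname() {
    host=$(normalize "$1")
    want=$(normalize "$2")
    status=2
    while read -r name ttl class type target rest || [ -n "$name" ]; do
        # Skip A/AAAA and other records, and records for other names.
        [ "$class" = "IN" ] && [ "$type" = "CNAME" ] || continue
        [ "$(normalize "$name")" = "$host" ] || continue
        if [ "$(normalize "$target")" = "$want" ]; then
            echo "OK: $host -> $want (TTL $ttl)"
            return 0
        fi
        echo "MISMATCH: $host -> $(normalize "$target"), expected $want"
        status=1
    done
    if [ "$status" -eq 2 ]; then
        echo "MISSING: no CNAME record for $host"
    fi
    return "$status"
}

# Offline run against the answer line quoted in the guide.
printf '%s\n' 'tada.trusona.com. 3600 IN CNAME ssl.trusona.net.' |
    check_cname tada.trusona.com ssl.trusona.net

# Live use (needs network); the host name is the guide's example vanity host:
# dig +noall +answer mattermost.yourcompany.com CNAME |
#     check_cname mattermost.yourcompany.com ssl.trusona.net
```

The TTL printed on a match can be compared with the value set in the record.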
