Integrating Trusona and Mattermost

This guide details the steps required to configure Trusona as a passwordless authentication solution for Mattermost.

By Clayton Lengel-Zigich
Updated Nov 25, 2019

• 1. Getting started
  • 1.1. Gather data
• 2. Set Up Configuration
  • 2.1. Log into Trusona
  • 2.2. Navigate to the generic integration option(s)
  • 2.3. Creating a new generic integration
  • 2.4. Customize & Upload Data
  • 2.5. Additional actions for integrations
  • 2.6. Configuring SAML
    • 2.6.1. SAML 2.0 settings
  • 2.7. Testing the integration
  • 2.8. Vanity URL setup

1. Getting started

1.1. Gather data

1. Log into Mattermost as an Admin
2. Navigate to the “System Console”
3. Click “SAML 2.0” in the Authentication section of the “System Console”
4. Copy the value in the field named “Service Provider Login URL.” This is also known as the Assertion Consumer Service URL and will be sent to Trusona in step 2.

2. Set Up Configuration

2.1. Log into Trusona

Log into your Trusona account at trusona.dashboard.com

Log into the Trusona dashboard

2.2. Navigate to the generic integration option(s)

Locate the navigation bar on the left side of the main page, and click on the Generic SAML tab

Navigate to the correct tab

2.3. Creating a new generic integration

Click on the Create button to begin

Navigate to the correct tab

2.4. Customize & Upload Data

Be sure to fill in all the necessary information requested, and upload any files/documents needed. Failure to do so may prevent Trusona from creating the integration successfully

Fill out all the necessary information carefully

2.5. Additional actions for integrations

Once you have created your integration, you will be redirected back to the integration dashboard. From there, you should be able to see your new integration listed.

To the right of it, click on the Actions button. You will be presented with a number of different options you can select, depending on your requirements.

Click on the Actions button for further configuration details

2.6. Configuring SAML

1. Log into Mattermost as an Admin
2. Navigate to the “System Console”
3. Click “SAML 2.0” in the Authentication section of the “System Console”

2.6.1. SAML 2.0 settings

1. Set “Enabled Login with SAML 2.0” to “true”
2. Set “Enable Synchronizing SAML Accounts with AD/LDAP” to “false”
3. Set “Override SAML bind data with AD/LDAP information” to “false”
4. Enter the value provided by Trusona for the “SAML SSO URL” field
5. Enter the value provided by Trusona for the “Identity Provider Issuer URL” field
6. Upload the certificate provided by Trusona as the “Identity Provider Public Certificate”
7. Set “Verify Signature” to “false”
8. Enter “email” for the “Email Attribute” and “Username Attribute” field.
9. Leave the other attribute fields blank
10. Click “Save”

2.7. Testing the integration

1. Open a new private browsing window
2. Navigate to your Mattermost instance
3. Login with Trusona

2.8. Vanity URL setup

Add a new CNAME DNS record for your domain.

1. Set the “host” value to the URL you’d like users to see when logging in
2. Set the “Answer” value to ssl.trusona.net
3. Set the TTL to 300

Here’s an example of a CNAME answer when retrieved by dig tada.trusona.com.

tada.trusona.com. 3600 IN CNAME ssl.trusona.net.

---