1. Getting started
1.1. Gather data
- Log into Mattermost as an Admin
- Navigate to the “System Console”
- Click “SAML 2.0” in the Authentication section of the “System Console”
- Copy the value in the field named “Service Provider Login URL.” This is also known as the Assertion Consumer Service URL and will be sent to Trusona in step 2.
2. Set Up Configuration
2.1. Log into Trusona
Log into your Trusona account at trusona.dashboard.com

2.2. Navigate to the generic integration option(s)
Locate the navigation bar on the left side of the main page, and click on the Generic SAML tab

2.3. Creating a new generic integration
Click on the Create button to begin

2.4. Customize & Upload Data
Be sure to fill in all the necessary information requested, and upload any files/documents needed. Failure to do so may prevent Trusona from creating the integration successfully

2.5. Additional actions for integrations
Once you have created your integration, you will be redirected back to the integration dashboard. From there, you should be able to see your new integration listed.
To the right of it, click on the Actions button. You will be presented with a number of different options you can select, depending on your requirements.

2.6. Configuring SAML
- Log into Mattermost as an Admin
- Navigate to the “System Console”
- Click “SAML 2.0” in the Authentication section of the “System Console”
2.6.1. SAML 2.0 settings
- Set “Enabled Login with SAML 2.0” to “true”
- Set “Enable Synchronizing SAML Accounts with AD/LDAP” to “false”
- Set “Override SAML bind data with AD/LDAP information” to “false”
- Enter the value provided by Trusona for the “SAML SSO URL” field
- Enter the value provided by Trusona for the “Identity Provider Issuer URL” field
- Upload the certificate provided by Trusona as the “Identity Provider Public Certificate”
- Set “Verify Signature” to “false”
- Enter “email” for the “Email Attribute” and “Username Attribute” field.
- Leave the other attribute fields blank
- Click “Save”
2.7. Testing the integration
- Open a new private browsing window
- Navigate to your Mattermost instance
- Login with Trusona
2.8. Vanity URL setup
Add a new CNAME DNS record for your domain.
- Set the “host” value to the URL you’d like users to see when logging in
- Set the “Answer” value to ssl.trusona.net
- Set the TTL to 300
Here’s an example of a CNAME answer when retrieved by dig tada.trusona.com
.
tada.trusona.com. 3600 IN CNAME ssl.trusona.net.