Integrating Trusona and Thycotic Secret Server

This guide details the steps required to configure Trusona as a passwordless authentication solution for your Thycotic Secret Server.

By Clayton Lengel-Zigich
Updated Dec 18, 2019

• 1. Getting started
  • 1.1. Configuring SAML
    • 1.1.1. General settings
• 2. Trusona Dashboard
  • 2.1. Configure Trusona Integration
    • 2.1.1. Log into Trusona
    • 2.1.2. Navigate to the generic integration option(s)
    • 2.1.3. Creating a new generic integration
    • 2.1.4. Customize & Upload Data
    • 2.1.5. Additional actions for integrations
  • 2.2. Identity provider setup
  • 2.3. Enable Trusona as the Identity Provider
  • 2.4. Testing the integration
  • 2.5. Vanity URL setup

1. Getting started

1.1. Configuring SAML

1. Login to the Thycotic Admin Portal
2. Click the “Admin” link in the lower left corner of the page
3. Navigate to Configuration > SAML

1.1.1. General settings

1. Under “SAML GENERAL SETTINGS,” click “Edit”
2. Check the checkbox to enable SAML
3. Click “Save”

2. Trusona Dashboard

2.1. Configure Trusona Integration

2.1.1. Log into Trusona

Log into your Trusona account at trusona.dashboard.com

Log into the Trusona dashboard

2.1.2. Navigate to the generic integration option(s)

Locate the navigation bar on the left side of the main page, and click on the Generic SAML tab

Navigate to the correct tab

2.1.3. Creating a new generic integration

Click on the Create button to begin

Navigate to the correct tab

2.1.4. Customize & Upload Data

Be sure to fill in all the necessary information requested, and upload any files/documents needed. Failure to do so may prevent Trusona from creating the integration successfully

Fill out all the necessary information carefully

2.1.5. Additional actions for integrations

Once you have created your integration, you will be redirected back to the integration dashboard. From there, you should be able to see your new integration listed.

To the right of it, click on the Actions button. You will be presented with a number of different options you can select, depending on your requirements.

Click on the Actions button for further configuration details

2.2. Identity provider setup

1. Click “Create new Identity Provider”
2. Choose the “Import IdP from XML Metadata” option
3. Upload the IdP XML Metadata file sent to you by Trusona in step 2
4. Click “Advanced Settings” for the imported metadata
5. Un-check all fields except:
   • “Sign Authn Request”
   • “Require Signed Assertion” (or “Signed SAML Response”)
6. Click “Ok”

2.3. Enable Trusona as the Identity Provider

The following steps finalize the use of Trusona as a third party SAML Identity Provider.

1. Click the pencil icon next to the trash can icon
2. Deselect “Enabled” for “SINGLE LOGOUT”
3. Click OK

2.4. Testing the integration

1. Open a new private browsing window
2. Navigate to your Thycotic instance
3. Login with Trusona

2.5. Vanity URL setup

Add a new CNAME DNS record for your domain.

1. Set the “host” value to the URL you’d like users to see when logging in
2. Set the “Answer” value to ssl.trusona.net
3. Set the TTL to 300

Here’s an example of a CNAME answer when retrieved by dig tada.trusona.com.

tada.trusona.com. 3600 IN CNAME ssl.trusona.net.

---