Single Sign-On (SSO) allows you to sign in to Trackado using your SSO provider instead of using a separate username and password. Trackado supports SAML.
SSO is configured in the settings menu under "SSO Configuration".
1. Enter the Sign-In URL from your SSO provider and the certificate.
2. Set up the authentication callback to point to Trackado.
Entity ID: https://app.trackado.com/
SAML callback URL: https://app.trackado.com/Saml/Callback
If you are using Okta, use https://app.trackado.com/Saml/Callback as the Okta login URL.
3. Verify the SAML response sent to Trackado.
The SAML response should contain the following XML data:
CERTIFICATE: //ds:X509Certificate
SIGNATURE: //ds:Signature
EMAIL: /samlp:Response/saml:Assertion[1]/saml:AttributeStatement/saml:Attribute[@Name='User.email']/saml:AttributeValue
FIRSTNAME: /samlp:Response/saml:Assertion[1]/saml:AttributeStatement/saml:Attribute[@Name='User.FirstName']/saml:AttributeValue
LASTNAME: /samlp:Response/saml:Assertion[1]/saml:AttributeStatement/saml:Attribute[@Name='User.LastName']/saml:AttributeValue
COMPANY NAME: /samlp:Response/saml:Assertion[1]/saml:AttributeStatement/saml:Attribute[@Name='User.CompanyName']/saml:AttributeValue
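One way to check a captured response against the list above before testing the login (an added example, not Trackado's code). It assumes you have the base64 SAMLResponse value posted to the callback and that the prefixes map to the standard SAML 2.0 and XML-DSig namespaces; it checks presence only and does not validate the signature. build_sample and its values are constructed test data.

```python
import base64
import xml.etree.ElementTree as ET

NS = {  # assumption: standard namespace URIs behind the page's prefixes
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ATTR = ("saml:Assertion[1]/saml:AttributeStatement/"
        "saml:Attribute[@Name='{}']/saml:AttributeValue")
# Paths from the page, made relative to the samlp:Response root element.
REQUIRED = {
    "CERTIFICATE": ".//ds:X509Certificate",
    "SIGNATURE": ".//ds:Signature",
    "EMAIL": ATTR.format("User.email"),
    "FIRSTNAME": ATTR.format("User.FirstName"),
    "LASTNAME": ATTR.format("User.LastName"),
    "COMPANY NAME": ATTR.format("User.CompanyName"),
}

def missing_fields(saml_response_b64):
    """Return the labels of required elements that are absent or empty."""
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml:  # a SAML response never needs a DTD; refuse it
        raise ValueError("DOCTYPE not allowed in a SAML response")
    root = ET.fromstring(xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    missing = []
    for label, path in REQUIRED.items():
        node = root.find(path, NS)
        # ds:Signature holds child elements; the other nodes must carry text.
        if node is None or not (len(node) > 0 or (node.text or "").strip()):
            missing.append(label)
    return missing

def build_sample(attributes):
    """Constructed response; signature and certificate are placeholders."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        '</saml:AttributeValue></saml:Attribute>' for n, v in attributes.items())
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}"><saml:Assertion>'
           '<ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>'
           '<ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER'
           '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
           f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

Attribute names are matched case-sensitively, so a claim emitted as User.Email is reported as a missing EMAIL.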
Example Configuration from Azure AD:
You can also choose to enforce SSO. If you tick the corresponding box, users will only be able to sign in through SSO, and signing in with a username and password will no longer be possible.
By default, Trackado expects service-provider-initiated SSO (SP SSO), but identity-provider-initiated SSO (IDP SSO) is supported as well. Get in touch with us and we will support you with the configuration of both scenarios.