SAML SSO Configuration
Triage Private Cloud supports SAML authentication to enable SSO for your organization. This document describes the steps required to enable SAML authentication.
Only Service Provider (SP)-initiated SSO is supported. IdP-initiated SSO will fail.
1. Request SAML SSO
Contact firstname.lastname@example.org mentioning:
- Your Identity Provider (IdP) (e.g.
- Which (if any) email domains you would like automatically redirected to your SSO (
Support will then provide you:
- Single Sign-on (ACS) URL
- Service Provider Entity ID URL
- SSO start URL
These URLs are required to set up SAML in your Identity Provider (IdP).
2. Add Sandbox to your Identity Provider (IdP)
Configure SAML in your IdP with the provided unique Entity ID URLs. Configure the app registration to send the following attributes.
|Attribute|Description|
|---|---|
||User Email. Will also be used to link IdP account to pre-existing user in Sandbox.|
|displayname|Name displayed in Sandbox|
|sandbox_role|Role for user (like:|
Triage supports SAML SSO through Azure. Be sure to let us know if you require other identity providers.
IdP specific setup guides:
3. Share your SAML IdP Metadata file
Share your XML file with Support (email@example.com) via a file attachment or link. Support will send out a notification once SAML has been configured for testing. Username+password logins will continue to work.
4. Test logging in through SSO
Support will provide you an SSO start URL (example: https://private.tria.ge/login/saml/<unique identifier>) which can be used to initiate SSO directly. Test signing in with a user by navigating to this URL.
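If the test sign-in fails, the base64 SAMLResponse your IdP posts to the ACS URL (visible in a browser SAML tracing extension) can be checked against the values from steps 1 and 2. The Python below is an added example, not part of Triage or its documentation. It assumes placeholder URLs and constructed sample values, omits the email attribute because its name is not given here, and does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names listed on this page; add the email attribute name Support gave you.
REQUIRED = ("displayname", "sandbox_role")


def check_saml_response(b64_response, acs_url, sp_entity_id, required=REQUIRED):
    """Return configuration problems in a captured SAMLResponse (no signature check)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    # An SP-initiated response answers an AuthnRequest, so it carries InResponseTo.
    if not root.get("InResponseTo"):
        problems.append("no InResponseTo: response looks IdP-initiated")
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append("Audience does not contain the SP Entity ID")
    # An attribute counts as present only if it has a non-empty value.
    present = {
        attr.get("Name")
        for attr in root.findall(".//saml:Attribute", NS)
        if any((v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS))
    }
    problems += [f"missing attribute: {n}" for n in required if n not in present]
    return problems


# Constructed sample data below: placeholder URLs and values, not real Triage ones.
ACS = "https://sp.example.test/acs"
ENTITY = "https://sp.example.test/entity"


def build_sample(attrs, in_response_to="_req1"):
    """Build a base64 SAMLResponse shaped like one copied from a SAML tracer."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for n, v in attrs.items())
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
           f' Destination="{ACS}"{irt}><saml:Assertion><saml:Conditions>'
           f"<saml:AudienceRestriction><saml:Audience>{ENTITY}</saml:Audience>"
           "</saml:AudienceRestriction></saml:Conditions>"
           f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()
```

Call `check_saml_response` with your own captured response, the ACS URL and the Service Provider Entity ID URL from step 1; an empty list means these checks passed.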
Reach out to Support (firstname.lastname@example.org) to let them know SAML is configured correctly.
Support will disable username+password login. Existing users will be automatically redirected to SSO. New users signing in with provided email domains or users navigating to the SSO start URL will be redirected to SSO.