How to Set Up SAML SSO

Triblio supports single sign on via SAML out of the box. This guide will walk you through the necessary steps to configure in Triblio and your IDP.

Here are the high-level steps to setup SAML SSO for Triblio:

  1. Create a SAML application/connection in your IDP
  2. Configure Triblio to authenticate users via that SAML application
  3. Configure Triblio users to login with SAML

Create a SAML application in your IDP

This process varies a bit from IDP to IDP, but here are the fundamentals that will be the same for all SAML configurations:

  1. Create a SAML application/connection in your IDP
  2. When creating the SAML application, your IDP will provide you with a login URL and an identity provider certificate. Save these - you'll need them when configuring SAML SSO in Triblio.
  3. Set the single sign on URL in your SAML application to post to https://app.triblio.com/saml/consume
  4. Set the URI (SP Entity Id) to triblio_saml
  5. Make sure the SAML assertion is configured to include the user's email address (this will need to match up with the email address of a user added in Triblio in order for the authentication to work)

Configure Triblio to authenticate users via that SAML application

  1. Log in to the Triblio platform directly with a non-SSO account. (Note: this account must be an Admin in Triblio)
  2. Once in the Triblio application, click the "Setup" tab on the left
  3. Click the SAML SSO tab on the left
  4. Now you will see the SAML SSO Integration configuration section:
  5. Add your identity provider login URL and identity provider certificate. Your SSO tool should provide these for you when setting up the SAML application.

Configure Triblio users to login with SAML

  1. Navigate to Triblio Setup and click the Users tab
  2. Click the Edit button next to a user account
  3. Check the Single Sign On box, select SAML from the dropdown menu and click Save 
  4. This user is now allowed to log in to Triblio via the SAML SSO. Repeat steps 2 and 3 for all users who should be able to log in via SAML SSO.

End-to-end SAML SSO Login Process

  • Once you've completed these configuration steps, users log into the Triblio platform by visiting the SAML custom login URL that Triblio generated on the SAML SSO setup page. This URL will be in this format: https://app.triblio.com/login/xyz-customer.
  • The user will then be redirected to the Identity Provider Login URL generated by the SAML application in your IDP. 
  • At this point, the IDP will prompt you to sign in if you haven't already. 
  • Finally, the IDP will post the assertion to https://app.triblio.com/saml/consume and if the email matches a user with SSO enabled in Triblio, the user will be redirected to the app (https://app.triblio.com/app).
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.