
Prerequisites

Before specifying single sign-on (SSO) settings on the TMEMS administrator console, configure the identity provider you choose for SSO (AD FS 4.0, Azure AD, or Okta).

Refer to the following articles for information:

 
Gather required settings from your identity provider before setting up the administrator console.
 

Enabling SSO

  1. Go to Administration > Administrator Management > Logon Methods.

  2. In the Single Sign-On section, click the toggle button to enable SSO.

  3. Click Add to create an SSO profile.

  4. Configure general information for SSO.
    • Profile Name: specify the SSO profile name.
    • Unique Identifier: provide the identifier that is globally unique to your site.
       
      If you have to change the unique identifier due to conflict with another identifier, make sure you also change it in your identity provider configuration.
       
    • Administrator Console: automatically generated upon adding the Unique Identifier.

  5. Select the subaccounts to which the current profile applies:
    • All subaccounts: applies this profile to all subaccounts.
       
      You can create only one profile that is applied to all subaccounts.
       

    • Specified subaccounts: applies this profile to specified subaccounts.
      Select subaccounts from the Available pane and click Add > to add them to the Selected pane.

  6. Complete identity provider configuration for SSO.
    1. Select your identity provider from the Identity provider drop-down list.
    2. Specify the logon and logoff URLs for your identity provider.
      (For Okta only) Click Download Logoff Certificate to obtain the certificate file to upload to your federation server.
       

      Use the logon URL collected from AD FS, Azure AD or Okta configurations.

      The logoff URL logs you off and also terminates the current identity provider logon session.

       
    3. Locate the certificate file you downloaded from AD FS, Azure AD or Okta configurations and upload it for signature validation.
    4. Specify the identity claim type based on the claim you configured for AD FS, Azure AD or Okta (e.g. if you use email as the claim name, type email).

  7. Click Save to save the profile.
  8. Click Save to save SSO settings.
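
A pre-flight check for the values entered in step 6 (logon URL, logoff URL, certificate file, identity claim type), as an added example that is not Trend Micro code. The dictionary key names, the sample URLs and the dummy certificate are assumptions constructed for illustration; the certificate check covers PEM/DER framing only, not signature or validity period.

```python
import base64, re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

def der_is_complete_sequence(der):
    """True if der is one DER SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    n = der[1] & 0x7F if der[1] & 0x80 else 0   # long form: n length bytes follow
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    return (n > 0 or der[1] < 0x80) and 2 + n + length == len(der)

def check_certificate(pem_text):
    blocks = PEM_RE.findall(pem_text)
    # Only the public signing certificate belongs in the upload, never key material.
    has_key = any("PRIVATE KEY" in label for label, _ in blocks)
    problems = ["certificate file contains a private key"] if has_key else []
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        problems.append("no complete CERTIFICATE block found")
    for body in certs:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            der = b""
        if not der_is_complete_sequence(der):
            problems.append("certificate is truncated or not DER-encoded")
    return problems

def check_url(name, url):
    u = urlsplit(url)
    ok = u.scheme == "https" and u.hostname and not (u.username or u.password)
    return [] if ok else [f"{name} must be an https URL with a host and no embedded credentials"]

def preflight(s):
    """s: values gathered from the identity provider (key names are hypothetical)."""
    problems = check_url("logon URL", s["logon_url"]) + check_url("logoff URL", s["logoff_url"])
    problems += check_certificate(s["certificate_pem"])
    if not s["claim_type"] or s["claim_type"] != s["claim_type"].strip():
        problems.append("identity claim type is empty or has stray whitespace")
    return problems

def to_pem(der, label="CERTIFICATE"):      # helper for the constructed sample below
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"
# Constructed sample: placeholder URLs and a DER-framed dummy blob, not a real certificate.
SAMPLE = {"logon_url": "https://idp.example.com/sso/saml", "logoff_url": "https://idp.example.com/slo",
          "certificate_pem": to_pem(b"\x30\x82\x01\x00" + bytes(256)), "claim_type": "email"}

if __name__ == "__main__":
    print(preflight(SAMPLE) or "settings look consistent")
```

An empty result means the gathered values are structurally consistent; the claim type must still match the claim name configured on the identity provider side.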