Views:

Prerequisites

Before specifying single sign-on (SSO) settings on the TMEMS administrator console, configure the identity provider you choose for SSO (AD Federation Services, Microsoft Entra ID, or Okta).

Refer to the following articles for information:

 
Gather required settings from your identity provider before setting up the administrator console.

Enabling SSO

  1. Go to Administration > Administrator Management > Logon Methods.
  2. In the Single Sign-On section, click the toggle button to enable SSO.

    Toggle Button SSO

    Click the image to enlarge.

  3. Click Add to create an SSO profile.

    SSO Profile

    Click the image to enlarge.

  4. Configure general information for SSO.
    • Profile Name: specify the SSO profile name
    • Unique Identifier: provide the identifier that is globally unique to your site.
       
      If you have to change the unique identifier due to conflict with another identifier, make sure you also change it in your identity provider configuration.
       
    • Administrator Console: automatically generated upon adding the Unique Identifier

    Administrator Console

    Click the image to enlarge.

  5. Select the subaccounts to which the current profile applies:
    • All subaccounts: applies this profile to all subaccounts.
       
      You can create only one profile that is applied to all subaccounts.
       

      All Sub-accounts

      Click the image to enlarge.

    • Specified subaccounts: applies this profile to specified subaccounts.
      Select subaccounts from the Available pane and click Add > to add them to the Selected pane.

      Specific Sub-accounts

      Click the image to enlarge.

  6. Complete identity provider configuration for SSO.
    1. Select your identity provider from the Identity provider drop-down list.
    2. Specify the logon and logoff URLs for your identity provider.
      (For Okta only) Click Download Logoff Certificate to obtain the certificate file to upload to your federation server.
       

      Use the logon URL collected from AD Federation Services, Microsoft Entra ID or Okta configurations.

      The logoff URL logs you off and also terminates the current identity provider logon session.

       
    3. Locate the certificate file you downloaded from AD Federation Services, Microsoft Entra ID or Okta configurations and upload it for signature validation.
    4. Specify the identity claim type based on the claim you configured for AD Federation Services, Microsoft Entra ID or Okta (e.g. if you use email as the claim name, type email).

      Identity Claim Type

      Click the image to enlarge.

  7. Click Save to save the profile.
  8. Click Save to save SSO settings.
Keywords: allow SSO for TMEMS,enable SSO in TMEMS,configure SSO for TMEMS,use 3rd-party IdP for TMEMS SSO