Do you support SAML or SSO authentication? How do I set it up?

For our enterprise customers, we provide the option of authenticating with SAML single sign-on. We'll support any SAMLv2 provider, but are tested mostly with OneLogin at the moment. Please let us know if something breaks or doesn't work, and we'd be more than happy to fix it. If you do not have access to SAML, and would like to set it up, please get in touch; we'll make sure to get you set up quickly.

In this article

Setting Up Bitium

Instructions on integrating with Bitium are accessible by clicking here.

Setting Up Centrify

Instructions on integrating with Centrify are accessible by clicking here.

Setting Up OneLogin

  • Get your Account ID from Tinfoil Security

    1. Visit Tinfoil Security and sign in with your administrator account.
    2. Once signed in, click the dropdown with your email or name in the top right of the dashboard, and click "My Account"
    3. Select "Security" from the tabs on the left side.
    4. Take note of your Account ID as listed underneath the "Single Sign-On" section of the page. Make sure you copy this into your clipboard or save it off somehow. Your SAML identity provider will have to provide this ID to us in order to authenticate.
  • Configure Application on OneLogin

    1. In OneLogin, navigate to Apps > Find Apps.
    2. Search for Tinfoil Security and click add.
    3. You may edit the Display Name. Select SAML 2.0 for the connector version and click continue.
    4. You may configure the app as needed. 
    5. Add your Account ID (obtained above from Tinfoil Security) under Configuration and click Update.
    6. Select Single Sign-On, set the credentials to Configured by Admin, select Email in the Default Values menu, and Update.
    7. Now, there are two options:

 

  • Issuer URL (Easiest option):

    1. Click the Single Sign-on tab.
    2. Copy your Issuer URL and save it off. You'll need it later.

 

  • Certificate and SAML Endpoint (Harder):

    1. Click the Single Sign-on tab.
    2. Copy the URL for the SAML Endpoint next to HTTP and save it off. You'll need it later.
    3. Download your certificate by visiting this link https://app.onelogin.com/saml (you must be logged in for this to work). Save the SHA-1 fingerprint for later. You can also find the certificate SHA-1 fingerprint by navigating to Security > SAML in OneLogin.
  • Configuring Tinfoil Security with SAML:

    1. Visit Tinfoil Security and sign in with your administrator account.
    2. Once signed in, click the dropdown with your email or name in the top right of the dashboard, and click "My Account"
    3. Select "Security" from the tabs on the left side.
    4. Check the "Enable SAML" checkbox.
    5. Make sure you type in your current password, as we'll need you to verify you're able to make these authentication changes.
    6. If, in the previous step, you chose to simply copy the Issuer URL, then paste it into the SAML Metadata URL field under "Automatic Configuration".
    7. If, instead, you chose to save the SHA-1 fingerprint and SAML Endpoint, select "Manual Configuration" and enter them under SAML POST URL and SAML Certificate Fingerprint.
    8. Hit "Save" and that should be it!

Setting Up SAASPASS

  1. Add the Tinfoil Security application to your SAASPASS account to generate a SAML Post URL and a SAML Certificate Fingerprint 
  2. Visit Tinfoil Security and sign in with your administrator account.
  3. Once signed in, click the dropdown with your email or name in the top right of the dashboard, and click My Account
  4. Select Security from the tabs on the left side.
  5. Make sure you type in your current password, as we'll need you to verify you're able to make these authentication changes.
  6. Check the Enable SAML checkbox.
  7. Set the configuration type to Manual Configuration
  8. Fill in your SAML Post URL and SAML Certificate Fingerprint as generated in step 1
  9. Make note of your Account ID, as you'll need it to finish configuring the SAASPASS Single sign-on

  10. Edit your Tinfoil Security application info on your SAASPASS Account, and fill in the Account ID from the Tinfoil Security dashboard in step 9
  11. Click Save

Still need help? Contact Us Contact Us