Configure SSO
Connect your identity provider with SAML or OIDC, map its attributes so people arrive correctly identified, and make your IdP the front door to the platform.
Single sign-on lets your people authenticate to TraceUnified through your own identity provider, so access follows your central directory instead of a separate set of credentials. This guide connects an identity provider and maps its attributes so users arrive correctly identified. For the concepts, see SSO Configuration.
Connect your identity provider
Connecting an IdP is a matter of establishing mutual trust — each side has to be able to verify the other.
Before you start: In the Identity Portal, go to SSO Configuration. Have your IdP's metadata and signing certificate to hand, and the protocol it uses — SAML or OIDC.
- Add an identity provider and choose its protocol, SAML or OIDC.
- Supply the metadata and signing certificate that establish trust, so TraceUnified and your IdP can each verify the other.
- Add more than one identity provider where you need it — a larger organization, or one mid-migration between providers, can run several at once.
Result: A trusted connection between TraceUnified and your identity provider. See SSO Configuration.
Map attributes
An IdP describes a user in its own terms, so mapping is what turns an authenticated session into a correctly identified person.
- Configure attribute mapping — connect each IdP attribute to the corresponding field in TraceUnified.
- Confirm with a test sign-in that the person arrives correctly identified, with the right information attached, rather than as an anonymous authenticated session.
Result: People who sign in through your IdP land in TraceUnified as themselves, with the right details mapped across.
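The test sign-in check above can be rehearsed offline against the attributes your IdP actually releases. This is an added example, not TraceUnified code: the field names (`email`, `display_name`, `groups`), the IdP attribute names and the sample AttributeStatement are assumptions constructed for illustration, and the assertion's signature is assumed to have been validated already.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumed mapping: IdP attribute name -> platform field (hypothetical names).
ATTRIBUTE_MAP = {"mail": "email", "displayName": "display_name", "memberOf": "groups"}
REQUIRED = {"email", "display_name"}   # without these the user is effectively anonymous
MULTI_VALUED = {"groups"}

# Constructed AttributeStatement from a test sign-in; displayName is not released.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{SAML}">
  <saml:Attribute Name="mail"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="memberOf">
    <saml:AttributeValue>sec-ops</saml:AttributeValue>
    <saml:AttributeValue>admins</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="department"><saml:AttributeValue>IR</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

def read_attributes(xml_text):
    """Return {attribute name: [non-empty values]} from an already-validated assertion."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(f"{{{SAML}}}AttributeValue")]
        attrs[attr.get("Name")] = [v for v in values if v]
    return attrs

def map_user(attrs, mapping=ATTRIBUTE_MAP):
    """Apply the mapping; return (user fields, blocking problems, unmapped IdP attributes)."""
    user, problems = {}, []
    for idp_name, field in mapping.items():
        values = attrs.get(idp_name, [])
        if not values:
            if field in REQUIRED:
                problems.append(f"{field}: IdP sent no value for '{idp_name}'")
        elif field in MULTI_VALUED:
            user[field] = values
        elif len(values) > 1:
            problems.append(f"{field}: '{idp_name}' has {len(values)} values, expected one")
        else:
            user[field] = values[0]
    return user, problems, sorted(set(attrs) - set(mapping))

if __name__ == "__main__":
    user, problems, unmapped = map_user(read_attributes(SAMPLE))
    print("mapped:", user)
    print("problems:", problems or "none")
    print("ignored IdP attributes:", unmapped)
```

A non-empty problems list means the sign-in would authenticate but not identify the person; fix the attribute release on the IdP or the mapping before rolling SSO out.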
Note: SSO centralizes authentication where it belongs — your identity provider, with your password policies, your multi-factor requirements, and your ability to cut off access in one place. Pair it with user provisioning so accounts are created and de-provisioned automatically, and with security policies for the rules that govern sign-in.
Where to go next
To automate the account lifecycle behind SSO, see User Provisioning. Set the sign-in rules in Security Policies, and review the sign-in record itself in Authentication Logs.