Background
This article describes how a Triofox cluster can be federated with a Google IdP tenant such that Google IdP is the Security Assertion Markup Language (SAML) Identity Provider (IdP) and Triofox is the SAML Relying Party (RP). These instructions require a Google Admin account to set it up.
Configuration
- Sign into the Triofox server's management portal as an administrator.
- From the management console, go to Settings in the left-hand tenant navigation and select "Single Sign on (SAML Integration)".
- On the next page, click the link under "Access service provider meta data using the following link:".
- A new tab opens and displays the XML metadata.
- Locate the md:EntityDescriptor entityID URL in the XML data, copy the URL and paste it into a text editor, similar to this:
Identifier=https://tthcaotrio17.triofox.io/portal/saml2.aspx
- Locate the md:AssertionConsumerService Location URL in the XML data, copy the URL and paste it into the text editor, similar to this:
Reply URL=https://tthcaotrio17.triofox.io/portal/saml2.aspx
- Save the text in the text editor to a file. It will be used later when configuring the Google app.
- Go back to the SSO settings page in Triofox and enable the toggle to turn on Single Sign On.
- This takes you to the page for selecting the SSO provider; set it to 'Other' and click 'Next'.
- This takes you to the Enable Single Sign On page, which has a few boxes for entering information. Leave it open for now and open another tab or window.
- In the new browser tab or window, navigate to https://admin.google.com and sign in with your Google Admin credentials.
- From the admin home page, expand 'Apps' in the left navigation menu and click on 'Web and mobile apps'.
- On the 'Web and mobile apps' page, click on 'Add app' -> 'Add custom SAML app'.
- On the next page, enter a name and a description for the app (they can be anything you want), then click 'continue' at the bottom.
- The next page has an option at the top to download the metadata. Click it to download the metadata and save the file, as it will be needed later. Make sure a valid certificate is listed here, or else the setup will not work. If the certificate is invalid, go back to the home page and create a valid certificate there. Once the metadata is saved, click 'continue' at the bottom.
- The next page prompts you to enter the Access URL and the Entity ID. These are the Reply URL and the Identifier, respectively, that were copied previously; paste them into the text fields as shown below.
- Scroll down, change the Name ID Format line to 'EMAIL' and click 'continue' at the bottom.
- On the next page, click 'Add Mapping' 3 times and set the mappings so that they match the image below, then scroll down and click 'Finish' to finish creating the application.
- The newly created application is now listed, as shown here.
- Under User Access, the app shows 'Off for everyone'. It needs to be enabled for everyone or for the specific groups you want to grant access to; click on the user access box to go to the next page.
- On this page, change it to 'On' for everyone or, if you prefer, set it to only allow access for specific groups from the side bar. Save the changes; after the setup, all users added here will be able to log in to Triofox via Single Sign On.
- Now open the Google SSO metadata file that was downloaded while creating the app. Find the SingleSignOnService Locations and copy one of them (they should be identical).
- Go back to the Triofox SSO settings page and paste it into the field called 'IdP End Point URL'.
- Scroll down and find the Email parameter, Given Name parameter and Surname parameter. Fill them out like so, matching the attribute names set in the Google app; make sure they match exactly, as the values are case sensitive.
- Next, go back to the metadata file downloaded from Google and copy all of it.
- On the Triofox SSO settings page, scroll down to the IdP Metadata section and paste it all in there, then scroll all the way to the bottom and click 'Next' to go to the next page.
- On this page, change the name of the SSO login link to whatever you like, make sure the setting 'Create user when user doesn't exist' is checked, then click 'Commit'.
- The setup is now complete and users are able to log in with Google SSO!
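The Identifier, Reply URL and IdP End Point URL copied by hand in the steps above all come from SAML metadata, and the Google metadata must carry a valid signing certificate. The script below is an added example (not part of the original article or of Triofox) that pulls those values out of constructed sample metadata and fails if the two SingleSignOnService Locations differ or the certificate is missing or not DER; the Google idpid and the certificate body are placeholders.

```python
import base64
from xml.etree import ElementTree as ET

# Standard SAML 2.0 metadata and XML-DSig namespaces.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of the Triofox SP metadata the article has you open in a new tab.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://tthcaotrio17.triofox.io/portal/saml2.aspx">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://tthcaotrio17.triofox.io/portal/saml2.aspx" index="0"/>
  </md:SPSSODescriptor></md:EntityDescriptor>"""

# Constructed sample of the Google IdP metadata download; idpid and the certificate body are
# placeholders (the "certificate" is a 5-byte DER SEQUENCE, enough to exercise the check).
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://accounts.google.com/o/saml2?idpid=PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MAMCAQE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=PLACEHOLDER"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://accounts.google.com/o/saml2/idp?idpid=PLACEHOLDER"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""

def parse_sp_metadata(xml_text):
    """Return the Identifier (entityID) and Reply URL (ACS Location) for the Google app."""
    root = ET.fromstring(xml_text)
    acs = root.find("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    if acs is None or not acs.get("Location", "").startswith("https://"):
        raise ValueError("SP metadata has no https AssertionConsumerService Location")
    return {"identifier": root.get("entityID"), "reply_url": acs.get("Location")}

def parse_idp_metadata(xml_text):
    """Return the IdP End Point URL; fail if the SSO locations differ or the signing
    certificate is missing or not DER (the article warns an invalid certificate breaks setup)."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    locations = {e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)}
    if len(locations) != 1:
        raise ValueError("expected identical SingleSignOnService Locations: %r" % locations)
    cert = idp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no signing certificate in IdP metadata")
    der = base64.b64decode("".join(cert.text.split()), validate=True)
    if not der or der[0] != 0x30:  # X.509 certificates are DER SEQUENCEs (tag 0x30)
        raise ValueError("certificate body is not DER")
    return {"idp_endpoint": locations.pop(), "cert_der_bytes": len(der)}
```

Run it against the real files (the SP XML from the Triofox tab and the Google metadata download) to confirm the three values before pasting them into the two consoles.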
Test on Web Portal
The Google IdP setup is complete. If you visit the login page now, you will see the Google SSO login link if you opted to show the link on the login page; otherwise it will take you directly to the Google SSO login page. The following screenshot shows the login page with the link setting enabled.
After clicking the link on the previous page, it takes you to the Google sign-in page. Enter the username and password for one of the users that has access to the web app created above.
The user was able to sign in with Google SSO and can now access the web portal!