SAML integration with the Terminus platform requires additional technical configuration, and may have addition costs associated to set up. If you would like to learn more about SAML configuration for your account, please reach out to your Terminus Account Manager, or Customer Success Manager.
Terminus supports the SAML 2.0 authentication framework. SAML is an open standard for exchanging authentication and authorization data between an identity provider and a service provider. Most notably, it addresses web browser single sign-on (SSO) for enterprise companies.
SAML completely eliminates all passwords, and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application, like Terminus.
Terminus supports both SP-initiated and Identity Provider (IdP) initiated SAML integrations. For SP initiated SAML, we require certain credentials from your SAML admin for setup. For IdP initiated SAML, we will work with your team to provide the credentials to add Terminus as an approved application to your IdP.
What are the requirements for integrating SAML?
We require the following inputs to successfully set up a SAML integration with the Terminus platform:
- Terminus customer provides the following information for their SAML application:
- The Identity Provider Single Sign-On URL
- The Identity Provider Issuer (URI)
- The x.509 Certificate
- Attribute mappings for the following fields:
- First name (required)
- Last name (required)
- Email (required)
- Title (optional)
- OR the customer provides a SAML metadata (.XML) file which contains the mentioned information above
- OR the customer provides the inputs for an OpenID Connect application:
- The Identity Provider Issuer
- The Identity Provider's OAuth 2.0 authorization endpoint
- The Identity Provider's token endpoint
- The Identity Provider's JSON Web Key Set document (JWKS endpoint)
- The Identity Provider's Userinfo endpoint
Additionally, we require a list of email domains that will use SAML logins in the event of an SP-initiated login attempt.
- E.g. “abc.com, def.com”
After our integration teams receive this information, they will coordinate with your systems teams on next steps!
Additional Integration Information
SAML authentication at Terminus is typically configured by providing your IdP's metadata and certificate information, so that Terminus can validate SAML requests for your organization.
Terminus also provides the option to disable all other login methods (username & password, Google/O365 Sign-in, etc.), so that only SAML logins are allowed for your Terminus instance.
If you would like to learn more about our SAML integration or wish to set it up for your company, please reach out to firstname.lastname@example.org.