Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Articles in this section

SAML Admin Guide

Avatar
Craig Engle
  • Updated
Follow

About

Authentication and authorization are core and foundational tenets to any information security program.  Due to many risks associated with these, there has been a continuing evolution of solutions in this space with the intent to consolidate and standardize authentication, authorization, and single-sign-on.

One such solution is what is referred to as SAML (Security Assertion Markup Language). SAML, in a nutshell, is a standard to allow for the passing of authentication and authorization data between identity providers and service providers.

If you are leveraging SAML in your organization, Virtru can be integrated into your continued work to secure authentication by integrating and providing a single sign on option.

 

Jump to:

SSO Configuration Guide
Getting started
Creating an SSO Configuration in the Virtru Control Center
Activating an SSO Configuration
Deactivating an SSO Configuration
Common Provider Guides

 

SSO Configuration Guide

This guide will cover the following 

  • Configure and enable Virtru SSO 
  • Configure additional Virtru identity administrator(s)(recommended)
  • Register a multi-factor authentication (MFA) token for at least one identity administrator

 

Getting started 

This feature is not enabled by default

Please contact your customer success manager or support to enable this feature for your team.

Information you will need from Virtru

Search for Virtru in your identity provider's application store

Some providers, like Okta and OneLogin, have existing entries for Virtru in their Applications store. Before configuring a custom application within your identity provider, please see if Virtru is already available. If so, you will not need to fill in all of the details above as some details will be pre-configured in the application. 

Information needed from your identity provider

  • SAML login endpoint URL (known also as the SAML 2.0 endpoint or SSO Endpoint)
  • SAML logout endpoint URL (known also as the SLO Endpoint)
  • Authentication certificate (format: PEM or x.509)

 

Creating an SSO Configuration in the Virtru Control Center

1. Log in to the Virtru Control Center using a current Virtru Administrator account for your domain. 

2. Click on the Authentication navigation item

3. Select Add an SSO Configuration

Authentication page

4. Enter a name for the new configuration as well as the information from the identity provider into the form (see “Information needed from the Identity Provider”). 

SAML configuration fields

 

5. Prior to clicking Save, the configuration must be validated by clicking the Validate button. This will trigger a page navigation and an SSO login flow.

    1. Upon a successful log in through the identity provider page, you should be redirected back to the Virtru Control Center New SSO Configuration form and the banner at the bottom of the page should now show a success message.
    2. Upon some unsuccessful validations, you will be redirected back to the Control Center New SSO Configuration form but the banner will display an error message. Check the provider information in the form and try again.
    3. Upon some other unsuccessful validation attempts, the redirect may fail and you will need to manually return to the configuration page by going to the Control Center again. Check the provider information in the form and try again.

6. Click Save to save the new configuration in a “Inactive” state. The configuration will not yet be active.

SAML configuration fields

 

Activating an SSO Configuration

1. Log in to the Virtru Control Center using a Virtru Administrator account for the target organization domain using the established federated OAuth login method

2. Click on the Authentication navigation item

3. Check the checkbox on an existing configuration that is in the “Inactive” state

4. Select the “Actions” dropdown and select Activate. Then, click the Apply button

Authentication settings

5. Read the warning modal, then click the Activate button. Users will no longer be able to use standard sign-in methods like federated OAuth to log in to Virtru applications. This will apply to all users from your team's recognized domains.

Activate SSO configuration modal - cancel or activate

6. Read the warning modal, then click the Logout button. You will be required to log in again using the SSO method instead of the federated OAuth login method.

Logout modal

7. Once this is complete you will see the state of your SSO has changed to "Active" and your "Standard Virtru sign in methods" have been "Disabled."

Single sign on management

 

Deactivating an SSO Configuration

1. Log in to the Virtru Control Center using a Virtru Administrator account for the target organization domain using the SSO login method.

2. Click on the Authentication navigation item 

3. Check the checkbox on an existing configuration that is in the “Active” state 

4. Select the “Actions” dropdown and select Deactivate. Then, click the Apply button

Single sign on management

5. Read the warning modal, then click the Deactivate button. Users will once again be able to use standard sign-in methods like federated Oauth to log in to Virtru applications instead of SSO

Deactivate SSO configuration modal - cancel or Deactivate

6. Once this is complete you will see the state of your SSO has changed to "Inactive" and your "Standard Virtru sign in methods" have been "Enabled" again.

Single sign on management

 

Common Provider Guides

Okta

Related articles