About
Authentication and authorization are core, foundational tenets of any information security program. Because of the many risks associated with them, solutions in this space have continued to evolve, with the intent to consolidate and standardize authentication, authorization, and single sign-on.
One such solution is SAML (Security Assertion Markup Language). In a nutshell, SAML is a standard for passing authentication and authorization data between identity providers and service providers.
If you are leveraging SAML in your organization, Virtru can be integrated into your continued work to secure authentication by providing a single sign-on option.
SSO Configuration Guide
This guide will cover the following:
- Configure and enable Virtru SSO
- Configure additional Virtru identity administrator(s) (recommended)
- Register a multi-factor authentication (MFA) token for at least one identity administrator
Getting started
This feature is not enabled by default.
Please contact your customer success manager or support to enable this feature for your team.
Information needed from Virtru
- Virtru Organization ID
- Single Sign On URL: https://api.virtru.com/accounts/saml/callback?orgId= (plus your Organization ID from above)
Information needed from the identity provider
- SAML login endpoint URL (known also as the SAML 2.0 endpoint or SSO Endpoint)
- SAML logout endpoint URL (known also as the SLO Endpoint)
- Authentication certificate
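Identity providers normally publish the three values above in their SAML 2.0 metadata XML. The following Python is an added example, not Virtru's code: it reads that metadata, rejects endpoints that are not HTTPS, fingerprints the signing certificate so it can be compared with what the provider displays, and appends the Organization ID to the Single Sign On URL. The sample metadata, the `idp.example.com` host, the function names and the Organization ID placeholder are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
VIRTRU_SSO_URL = "https://api.virtru.com/accounts/saml/callback?orgId="  # from this guide

# Constructed sample: hypothetical IdP at idp.example.com, placeholder certificate bytes.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{BINDING}" Location="https://idp.example.com/slo"/>
    <md:SingleSignOnService Binding="{BINDING}" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def https_location(idp, tag):
    """Return the Location of the first <md:tag> element, rejecting non-https URLs."""
    node = idp.find(f"md:{tag}", NS)
    if node is None:
        raise ValueError(f"metadata has no {tag} element")
    url = node.get("Location", "")
    if urlsplit(url).scheme != "https":
        raise ValueError(f"{tag} Location is not https: {url!r}")
    return url


def sso_form_values(metadata_xml, org_id):
    """Collect the three IdP values the SSO form asks for, plus the Virtru Single Sign On URL."""
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    # A KeyDescriptor without a "use" attribute serves for signing as well.
    cert = next((k.find(".//ds:X509Certificate", NS) for k in idp.findall("md:KeyDescriptor", NS)
                 if k.get("use", "signing") == "signing"), None)
    if cert is None or not cert.text:
        raise ValueError("metadata has no signing certificate")
    der = base64.b64decode("".join(cert.text.split()), validate=True)
    return {"login_url": https_location(idp, "SingleSignOnService"),
            "logout_url": https_location(idp, "SingleLogoutService"),
            "cert_sha256": hashlib.sha256(der).hexdigest(),  # compare with the IdP's own display
            "virtru_sso_url": VIRTRU_SSO_URL + org_id}
```

Only parse metadata obtained from your own identity provider over a trusted channel; `xml.etree.ElementTree` is not hardened against maliciously constructed XML.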
Creating an SSO Configuration
1. Log in to the Virtru Dashboard (https://secure.virtru.com/dashboard) using a current Virtru Administrator account for your domain.
2. Click on the “Authentication” navigation item.
3. Click the “Add an SSO Configuration” button.
4. Enter a name for the new configuration as well as the information from the identity provider into the form (see “Information needed from the Identity Provider”).
5. Prior to clicking “Save”, the configuration must be validated by clicking the “Validate” button. This will trigger a page navigation and an SSO login flow.
- Upon a successful login through the identity provider page, you should be redirected back to the Dashboard New SSO Configuration form and the banner at the bottom of the page should now show a success message.
- Upon some unsuccessful validations, you will be redirected back to the Dashboard New SSO Configuration form but the banner will display an error message. Check the provider information in the form and try again.
- Upon some other unsuccessful validation attempts, the redirect may fail and you will need to manually return to the configuration page by going to the Dashboard again. Check the provider information in the form and try again.
6. Click “Save” to save the new configuration in an “Inactive” state. The configuration will not yet be active.
Activating an SSO Configuration
1. Log in to the Virtru Dashboard using a Virtru Administrator account for the target organization domain using the established federated OAuth login method.
2. Click on the “Authentication” navigation item.
3. Check the checkbox on an existing configuration that is in the “Inactive” state.
4. Click the “Actions” dropdown and select “Activate”, then click the “Apply” button.
5. Read the warning modal, then click the “Activate” button. Users will no longer be able to use standard sign-in methods like federated OAuth to log in to Virtru applications.
6. Read the warning modal, then click the “Logout” button. You will be required to log in again using the SSO method instead of the federated OAuth login method.
7. Once this is complete you will see the state of your SSO has changed to "Active" and your "Standard Virtru sign in methods" have been disabled.
Deactivating an SSO Configuration
1. Log in to the Virtru Dashboard using a Virtru Administrator account for the target organization domain using the SSO login method.
2. Click on the “Authentication” navigation item.
3. Check the checkbox on an existing configuration that is in the “Active” state.
4. Click the “Actions” dropdown and select “Deactivate”, then click the “Apply” button.
5. Read the warning modal, then click the “Deactivate” button. Users will once again be able to use standard sign-in methods like federated OAuth to log in to Virtru applications instead of SSO.
6. Once this is complete you will see the state of your SSO has changed to "Inactive" and your "Standard Virtru sign in methods" have been "Enabled" again.