Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Articles in this section

SAML Admin Guide

Avatar
Craig Engle
  • Updated
Follow

About

Authentication and authorization or core and foundational tenets to any information security program.  Due to many risks associated with these, there has been a continuing evolution of solutions in this space with the intent to consolidate and standardize authentication, authorization, and single-sign-on.

One such solution is what is referred to as SAML(Security Assertion Markup Language). SAML, in a nutshell, is a standard to allow for the passing of authentication and authorization data between identity providers and service providers.

If you are leveraging SAML in your organization, Virtru can be integrated into your continued work to secure authentication by integrating and providing a single sign on option.

 

Jump to:

SSO Configuration Guide
Getting started
Creating an SSO Configuration
Activating an SSO Configuration
Deactivating an SSO Configuration
Common Provider Guides

 

SSO Configuration Guide

This guide will cover the following 

  • Configure and enable Virtru SSO 
  • Configure additional Virtru identity administrator(s)(recommended)
  • Register a multi-factor authentication (MFA) token for at least one identity administrator

 

Getting started 

This feature is not enabled by default

Please contact your customer success manager or support to enable this feature for your team.

Information needed from Virtru

Information needed from the identity provider

  • SAML login endpoint URL (known also as the SAML 2.0 endpoint or SSO Endpoint)
  • SAML logout endpoint URL (known also as the SLO Endpoint)
  • Authentication certificate

 

Creating an SSO Configuration

1. Log in to the Virtru Dashboard (https://secure.virtru.com/dashboard) using a current Virtru Administrator account for your domain. 


2. Click on the “Authentication” navigation item


3. Click the “Add an SSO Configuration” button
Dashboard authentication section

 

4. Enter a name for the new configuration as well as the information from the identity provider into the form (see “Information needed from the Identity Provider”). 
SAML configuration fields

 

5. Prior to clicking “Save”, the configuration must be validated by clicking the “Validate” button. This will trigger a page navigation and an SSO login flow.

    1. Upon a successful log in through the identity provider page, you should be redirected back to the Dashboard New SSO Configuration form and the banner at the bottom of the page should now show a success message.
    2. Upon some unsuccessful validations, you will be redirected back to the Dashboard New SSO Configuration form but the banner will display an error message. Check the provider information in the form and try again.
    3. Upon some other unsuccessful validation attempts, the redirect may fail and you will need to manually return to the configuration page by going to the Dashboard again. Check the provider information in the form and try again.

 

6. Click “Save” to save the new configuration in a “Inactive” state. The configuration will not yet be active.

SAML configuration fields

 

Activating an SSO Configuration

1. Log in to the Virtru Dashboard using a Virtru Administrator account for the target organization domain using the established federated OAuth login method.


2. Click on the “Authentication” navigation item


3. Check the checkbox on an existing configuration that is in the “Inactive” state


4. Click the “Actions” dropdown and select “Activate”, then click the “Apply” button
Authentication settings

5. Read the warning modal, then click the “Activate” button. Users will no longer be able to use standard sign-in methods like federated OAuth to log in to Virtru applications.
Activate SSO configuration modal - cancel or activate

6. Read the warning modal, then click the “Logout” button. You will be required to log in again using the SSO method instead of the federated OAuth login method.


7. Once this is complete you will see the state of your SSO has changed to "Active" and your "Standard Virtru sign in methods" have been disabled. 


Single sign on management in virtru dashboardg

 

Deactivating an SSO Configuration

1. Log in to the Virtru Dashboard using a Virtru Administrator account for the target organization domain using the SSO login method.

2. Click on the “Authentication” navigation item 

3. Check the checkbox on an existing configuration that is in the “Active” state 

4. Click the “Actions” dropdown and select “Deactivate”, then click the “Apply” button

Single sign on management in virtru dashboard

5. Read the warning modal, then click the “Deactivate” button. Users will once again be able to use standard sign-in methods like federated Oauth to log in to Virtru applications instead of SSO.

Deactivate SSO configuration modal - cancel or Deactivate

6. Once this is complete you will see the state of your SSO has changed to "Inactive" and your "Standard Virtru sign in methods" have been "Enabled" again. 


Single sign on management in virtru dashboard

 

Common Provider Guides

Okta

Related articles