KB 10: Configuring Wallix Trustelem as an identity provider (IdP) with Olfeo Saas
Context
This document covers the implementation of the Wallix Trustelem solution with the Olfeo Saas product. To facilitate this process, an Olfeo application is available in the Wallix catalog.
Wallix Trustelem is a solution that unifies, secures and simplifies user access to business applications. It acts as an IdP, providing Single Sign-On (SSO) and centralized identity management for products that can delegate authentication, whether web-based or on-premise. To find out more about the features of this solution, see: Wallix Trustelem.
Prerequisites
- Have synchronized your corporate directory with Olfeo SaaS. For this part, please refer to the Olfeo SaaS technical documentation: configuring and managing directories.
- Have ensured that the endpoints required for authentication (the Trustelem authentication URL in particular) are publicly exposed on the Internet.
- Have selected the SAML authentication method in your Olfeo directory.
Configuration steps:
- Go to applications and click on "add an application".
- In "Pre-integrated applications", search for Olfeo, then select it.
- Once in the Olfeo SaaS application, enter the following information:
  - Application description
  - Entity ID: https://saas.trustlane.io/api/sso/saml/XXXXX/login
  - Assertion Consumer Service (ACS) URL: https://saas.trustlane.io/api/sso/saml/XXXXX/acs
  - Specific login URL: https://saas.trustlane.io/api/sso/saml/XXXXX/login
  - NameID attribute: choose the identifying property defined when synchronizing your directory with Olfeo SaaS.
- Select the desired certificate, then save.
- Once saved, download the Trustelem metadata file, then return to the Olfeo SaaS administration interface, go to Configuration, Directories, Directory editing, Authentication, and complete the "Supplier metadata" section.
- Then, in Wallix Trustelem, go to the Permissions section to assign users or groups to the Olfeo SaaS application.
- At this point, all you need to do is perform an authentication test with a user.