TrueCommand Nightly Development Documentation
This content follows experimental early release software. Use the Product and Version selectors above to view content specific to a stable software release.

Configuring IDP SAML as SSO for TrueCommand SAML Service

TrueCommand allows identity provider (IDP) SAML single sign-on (SSO) configuration as of release 2.3.3. With IDP-SAML SSO you can configure a provider such as Okta, Auth0, OneLogin, or Google to provide TrueCommand SSO through the IDP SAML service dashboard instead of using the TrueCommand SAML sign-in option.

Security Assertion Markup Language (SAML) is an SSO standard for logging users into applications that require authentication credentials (like GitHub, Gmail, etc.). SSO works by transferring a known identity for a user to another location that provides services to the user. SAML accomplishes the transfer by exchanging digitally signed XML documents.

A SAML configuration requires an Identity Provider (IDP) and Service Provider (SP). When the IDP-SAML service provides the SSO, TrueCommand becomes the service provider.

IDP-SAML provider configuration settings and attributes can differ. This article provides general instructions, settings, and attributes for configuring an IDP-SAML SSO for TrueCommand as a cloud service provider.

TrueCommand IDP SAML does not support groups at this time.

TrueCommand Requirements

TrueCommand requires configuring the general settings and a set of attributes.

General Settings

Set support to PERSISTENT.

Download the IDP SAML metadata.

Download or copy/paste the single sign-in URL (https://)

Enter attributes as shown in the table below, with the underscore (attribute_name) if indicated.

For IDP SAML SSO, TrueCommand does not require the certificates from the IDP.

Mapping Attributes

Define these attributes in the IDP SAML service provider:

Full Name: given_name or display_name
Email: mail or email
Phone Number: telephone_number