Tymeshift supports single-sign on access to Tymeshift accounts via Secure Assertion Markup Language (SAML).
You can enable SAML integrations for the following:
Note: To be able to login in to the Tymeshift application with your SSO provider, you must use the same email address in the IdP as on Tymeshift.
You can also learn more about other Tymeshift login options.
Azure
- Go to https://portal.azure.com and search for Azure Active Directory.
- Search for Enterprise Applications.
- Select New Application.
- Select Create your own application.
- In the sidebar, enter the name of your application, then select Integrate any other application you don't find in the gallery (Non-gallery).
- Click Create.
- Next, add users by selecting option 1. Assign users and groups and select users and groups to add.
- Click Assign.
Configuring SAML
Next, configure SAML.
To configure SAML
- Select Single sign-on.
- Select SAML.
- Under Basic SAML Configuration, click Edit and enter the following information:
-
Identifier (Entity ID): https://<environment_url> (eg. https://us1-auth.tymeapp.com for us1, etc)
Note: This is based on where your account is located. It's generally in US1 unless mentioned otherwise. - Reply URL (Assertion Consumer Service URL): https://<environment_url>/auth/saml/<zend_url> (eg. https://us1-auth.tymeapp.com/auth/saml/d3v-tymeshiftus1, etc)
- Save
-
Identifier (Entity ID): https://<environment_url> (eg. https://us1-auth.tymeapp.com for us1, etc)
- Download the Certificate (Base64) from the SAML Signing Certificate section.
- Copy and save the Login URL from the Set up <AppName> section. Tymeshift needs this to complete the integration.
After you've completed the steps above, send Tymeshift the following information:
- Issuer: https://<environment_url> (eg. https://us1-auth.tymeapp.com)
- EntryPoint: Login URL copied from the Set up <AppName> section in Azure AD
- Certificate: open the certificate file downloaded from Azure with a text edit tool, and copy the contents of the certificate (Base64).
Okta
- Login to Okta, then go to Admin.
- Click the Applications menu and select Applications.
- Select Create App Integration.
- Select Sign In Method as SAML 2.0, then click Next.
- Under the General Settings section, select App Name: Tymeshift (optional).
- Click Next.
- In the Configure SAML the Single Sign On section, enter the URL https://{env}-auth.tymeapp.com/auth/saml/{zendurl}. Note the following:
- In the {env} section, enter the environment your account is in. Generally your account will be in US1 unless stated otherwise.
- In the {zenurl}, replace this with your account URL. For example, https://us1-auth.tymeapp.com/auth/saml/tymeshift.
- Select Use this for recipient & destination and copy the URL in the Audience URL section. Click Next.
- Under Feedback, select Finish.
- Click View SAML Setup Instructions and send Tymeshift the following information:
- Identity Provide Single Sign-On URL
- Identity Provide Issuer
- X.509 Certificate
OneLogin
- Log in to OneLogin, then go to Admin.
- Click Applications, then select Add App.
Search for SAML Custom Connector (Advanced). - Click SAML Custom Connector (Advanced), then Save.
- Select Configuration.
- Enter the SAML Single Sign On URL, https://{env}-auth.tymeapp.com/auth/saml/{zendurl}, in the following sections:
- Audience (EntityID)
- ACS (Consumer) URL Validator
- ACS (Consumer) URL
Note: In the {env} section, enter us1 and remove {}. Instead, enter https://us1-auth.tymeapp.com/auth/saml/{zendurl}. For {zendurl}, remove the {} and enter you Zendesk URL.
- Confirm that the SAML Initiator is changed to Service Provider.
- Click Save, then choose the SSO option and send the following information to Tymeshift:
- The Issuer URL
- The SAML 2.0 Endpoint (HTTP)
- X.509 Certificate
0 Comments
Please sign in to leave a comment.