Single Sign On lets your users access a number of applications with one set of credentials. If you have your own SSO authorization, that configuration is maintained by your IT specialists; i.e. TriLine GRC has no visibility of this, but all Positions' email addresses must match that configuration. Otherwise, Ansarada will take care of the SSO Authorization.
TriLine GRC provides a passive pass-through authentication service. A person will be automatically forwarded to the authentication service when accessing the site. No personal information is transferred (at this point TriLine GRC does not know who the person is). The authentication service will advise TriLine GRC if the User is permitted to access the application. TriLine GRC will then use the information passed from the authentication service (usually the email address) to ascertain if the person has a Position within TriLine GRC and will proceed to log them into their TriLine GRC Position*.
Adding a new user
A Position must be created in TriLine GRC before a user can log in using Single Sign On (SSO). If you have your own SSO authorization, the TriLine GRC email address must be the same as that used by your SSO Authenticator. For example, if you are using the email address as the User ID then it will look like this in TriLine GRC:
Fill in the details of the new Position and then click Save, as shown below:
What happens when one person has multiple Positions in TriLine GRC?
If you have a staff member with multiple Positions within TriLine GRC, only one of those Positions can have the SSO User ID (e.g. the one they use the most in TriLine GRC). The other Positions will require a TriLine GRC User ID (Email address) and the password will be detected by your SSO. If the user has previously authenticated, they are not required to enter their password while logging into TriLine GRC. Once they have logged in using SSO they can use the Change user (Position) option if required. For example:
Please note: Currently, the login will default to the first position in your Positions list. In the future, this will default to your last logged-in position.
TriLine GRC supports the SAML SSO Protocols.
SSO Protocols
SAML
In your SAML service, create a new application called: triline-grc.
The return URL from your SAML Service will be https://host-au.triline-grc.net/XYZ2234/SamlLogin/sso.aspx (where XYZ2234 is your unique code).
Provide TriLine GRC with the following:
The URL for your SAML Service (e.g. https://your.saml.com/saml).
The Certificate generated by your SAML Service for the application.
If the application name cannot be 'triline-grc' then provide the name used.
Once the Positions have been updated and the appropriate information provided to TriLine GRC we can then activate SSO for your site. All Users will need to be off the TriLine GRC site for the Activation to occur.
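A check you could run before asking for activation, covering the two Position rules described earlier (the Position email must be the same as the User ID used by your SSO Authenticator, and only one Position per person carries the SSO User ID). This is an added example, not TriLine GRC code; the export layout (person, Position, User ID), the function name and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def audit_positions(positions, idp_user_ids):
    """Compare a Position list with the User IDs known to the SSO authenticator.

    positions: iterable of (person, position_name, user_id) tuples (assumed layout).
    Returns:
      near_match      - Position User IDs that differ from an SSO User ID only by
                        case or surrounding whitespace (not "the same" as required)
      shared_sso_id   - SSO User IDs assigned to more than one Position
      no_sso_position - people with no Position that exactly matches an SSO User ID
    """
    idp_exact = set(idp_user_ids)
    idp_folded = {u.strip().casefold(): u for u in idp_exact}
    positions_by_id = defaultdict(list)
    exact_hits = {}
    near = []
    for person, position, user_id in positions:
        exact_hits.setdefault(person, 0)
        if user_id in idp_exact:
            positions_by_id[user_id].append(position)
            exact_hits[person] += 1
        elif user_id.strip().casefold() in idp_folded:
            near.append((position, user_id, idp_folded[user_id.strip().casefold()]))
    return {
        "near_match": near,
        "shared_sso_id": [(u, p) for u, p in sorted(positions_by_id.items()) if len(p) > 1],
        "no_sso_position": sorted(p for p, n in exact_hits.items() if n == 0),
    }

# Constructed sample data (not from any real site).
SAMPLE_IDP = ["ana.ruiz@example.com", "ben.ong@example.com",
              "cy.lee@example.com", "di.wu@example.com"]
SAMPLE_POSITIONS = [
    ("Ana Ruiz", "Risk Manager", "ana.ruiz@example.com"),
    # Secondary Position with its own TriLine GRC User ID: expected, not a finding.
    ("Ana Ruiz", "Compliance Officer", "ana.ruiz+compliance@example.com"),
    ("Ben Ong", "Auditor", "Ben.Ong@example.com"),          # case differs
    ("Cy Lee", "Site Admin", "cy.lee@example.com"),
    ("Cy Lee", "Incident Lead", "cy.lee@example.com"),      # SSO ID used twice
    ("Di Wu", "Analyst", "di.wu@old-domain.example"),       # stale address
]

if __name__ == "__main__":
    for category, items in audit_positions(SAMPLE_POSITIONS, SAMPLE_IDP).items():
        print(category, items)
```

Secondary Positions with their own User ID are deliberately not reported, since the person reaches them through the Change user (Position) option after logging in.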
If any issues arise in relation to access it will be necessary for you to provide user credentials that can be used to log into your TriLine GRC site. The user can be created in your Active Directory with access limited to your TriLine GRC site and can be removed or deactivated once the problem has been resolved.