Setting up SSO for your organization

Configure single sign on with SAML so employees in your organization can log in with Okta, OneLogin, G Suite, Auth0, or other identity providers.

To get started, go to the Admin Dashboard settings and choose the “SSO” tab. Follow the steps to create a SAML configuration.

Prepare your IDP for the connection

You’ll need to create an application in your IDP. We have plans to have official apps in Okta, OneLogin, and other popular identity providers soon. In the mean time, you can create a SAML-based application.

Your provider will ask you for a few things from Transcend, which we provide in the SSO tab.

Once you’ve created the application in your IDP, you can come back to Transcend and proceed.

Configure Transcend to talk to your IDP

Your IDP will provide an Identity Provider Single-Sign On URL, Identity Provider Issuer, and X.509 certificate. Copy them into their respective fields in Transcend.

Test your connection with IDP-initiated SSO

You can now test via IDP-initiated SSO by logging out and logging back in at https://app.transcend.io/login. By entering your email address, you should be redirected to your identity provider.

If you have any trouble along the way, please reach out to us at [email protected]

General settings

  • Audience: transcend
  • Single sign on URL: https://api.transcend.io/saml/
  • Recipient URL: https://api.transcend.io/saml/
  • Destination URL: https://api.transcend.io/saml/

Okta Guide

Note: this guide uses the Classic UI, which can be selected on the top-left dropdown in Okta

  1. Go to the Applications page
  1. Click Add Application
  1. Click Create New App.
    Under platform, select Web, and choose SAML 2.0. Click Create.
  1. Name your application Transcend.
    You may download our App Icon here and click Upload Logo.
    Click Next.
  1. Set your Single sign on URL to https://api.transcend.io/saml
    Set Audience URI to transcend
    Set Name ID format to EmailAddress
    Set Application username to Email
  1. Scroll down to Attribute Statements and set 3-5 attributes:
    Set Name to firstName, Name format to Basic, Value to user.firstName
    Set Name to lastName, Name format to Basic, Value to user.lastName
    Set Name to login, Name format to Basic, Value to user.login
    Set Title to title, Name format to Basic, Value to user.title
    Set Department to department, Name format to Basic, Value to user.department

If you use Push Groups, you can also:

Set groups, Name format to Basic, Filter to .* (or another filter to only expose certain groups)

Click Next.

  1. Select "I'm an Okta customer adding an internal app" and click Finish.
  1. You should be redirected to the Sign On tab. Click View Setup Instructions. Copy this information into Transcend on the Settings / SSO tab on the Admin Dashboard.

This info is your:

  • Identity Provider Single Sign-On URL
  • Identity Provider Issuer
  • X.509 Certificate

Google Guide

  1. Go to Google Admin and select Apps.
  1. Select "SAML apps"
  2. Click the + sign on the bottom right
  1. Take note of your SSO Url, Entity ID, and download the Certificate
  1. Click Next.
    Under Application Name, enter Transcend.
    Feel free to add a description, like "Transcend's Data Privacy Infrastructure manages personal data across distributed data systems and vendors."
    You can download our App Icon here and click Upload Logo.
  1. Click Next to proceed to Service Provider Details

Under ACS URL enter https://api.transcend.io/saml
Under Entity ID enter transcend
Check Signed Response
Under Name ID select Basic Information / Primary Email
Under Name ID Format select EMAIL

  1. Click Next to proceed to Attribute Mapping

Type firstName and select Basic Information / First Name
Type lastName and select Basic Information / Last Name
Type login and select Basic Information / Primary Email
Type title and select Employee Details / Title
Type department and select Employee Details / Department

  1. Copy the information from Step 4 into Transcend on the Settings / Security tab on the Admin Dashboard.

Enter your:

  • Entity ID into Identity Provider Issuer
  • SSO URL into Identity Provider Single Sign-On URL
  • Certificate into X.509 Certificate. You'll need to open the .pem file your downloaded in a text editor and copy the text in.