TruffleHog authentication


The default authentication method for TruffleHog uses Google OAuth or Magic Links for user management. Administrators must add each user who should have dashboard access, by email, on the Users page.


Authentication can be configured to be handled by a SAML SSO identity provider (IdP). When this option is enabled, the IdP is responsible for user management.

Okta Configuration

  1. Select “Create a new app integration”
  2. Select a “SAML 2.0” app
  3. Set your app name and app logo
  4. Single Sign on URL → See Authentication page in TruffleHog dashboard
  5. Single sign on URL → See Assertion Consumer Service (ACS) URL on Authentication page in TruffleHog dashboard
  6. Audience URI → Base URL for your TruffleHog deployment. For example, if your ACS URL is, your Audience URI will be
  7. Name ID Format → EmailAddress
  8. Add the following Attribute Statements
    1. email →
    2. firstName → user.firstName
    3. lastName → user.lastName

    Note: If you are using an IdP that uses a subject that is unique for each session, add a ‘username’ attribute that returns the user’s email address.
  9. Complete setup
  10. Go to the new app admin page
  11. Go to Sign On tab
  12. Open “View SAML setup instructions”
  13. Select the IDP metadata from the text box
  14. Paste the metadata content into the metadata field on the TruffleHog authentication page
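
To confirm the IdP is sending what steps 6 to 8 and the note describe, a decoded assertion from a test login can be checked offline. The following is an added example, not TruffleHog or Okta code; the function names, the sample assertion and the `https://trufflehog.example.com` audience are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("email", "firstName", "lastName")  # attribute statements from step 8

def check_assertion(xml_text, expected_audience):
    """Return a list of configuration problems found in a decoded SAML assertion."""
    # Configuration check only: this does not validate the assertion's signature.
    root = ET.fromstring(xml_text)
    problems = []
    attrs = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if name not in attrs:
            problems.append(f"missing attribute statement: {name}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    elif name_id.get("Format") != EMAIL_FORMAT and "username" not in attrs:
        # Per the note: a per-session subject needs a 'username' attribute with the email.
        problems.append("NameID is not EmailAddress format and no 'username' attribute is present")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        problems.append(f"Audience does not include {expected_audience}")
    return problems

def build_sample(nameid_format, attr_names, audience):
    """Constructed, unsigned assertion for offline testing (not real IdP output)."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>x</saml:AttributeValue></saml:Attribute>'
        for n in attr_names)
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
        f'<saml:Subject><saml:NameID Format="{nameid_format}">alice@example.com</saml:NameID></saml:Subject>'
        f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
        f'</saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    aud = "https://trufflehog.example.com"  # placeholder base URL
    transient = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
    print(check_assertion(build_sample(EMAIL_FORMAT, REQUIRED_ATTRS, aud), aud))
    print(check_assertion(build_sample(transient, REQUIRED_ATTRS, aud), aud))
```
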