Authentication

TruffleHog Authentication #

Default #

The default authentication method for TruffleHog uses Google OAuth or Magic Links for user management. Administrators must add each user who should have dashboard access to the Users page by email address.

SAML SSO #

Authentication can be configured to be handled by a SAML SSO identity provider (IdP). When this option is enabled, the IdP is responsible for user management.

Okta Configuration #

  1. Select “Create a new app integration”
  2. Select a “SAML 2.0” app
  3. Set your app name and app logo
  4. Single sign-on URL → the Assertion Consumer Service (ACS) URL shown on the Authentication page of the TruffleHog dashboard
  5. Audience URI → the base URL of your TruffleHog deployment. For example, if your ACS URL is https://real-strong-chipmunk.c1.prod.trufflehog.org/saml/acs, your Audience URI is https://real-strong-chipmunk.c1.prod.trufflehog.org
  6. Name ID Format → EmailAddress
  7. Add the following Attribute Statements
    1. email → user.email
    2. firstName → user.firstName
    3. lastName → user.lastName
      Note: If your IdP issues a Subject (NameID) that is unique for each session rather than stable for each user, add a ‘username’ attribute that returns the user’s email address.
  8. Complete setup
  9. Go to the new app’s admin page
  10. Go to the Sign On tab
  11. Open “View SAML setup instructions”
  12. Copy the IdP metadata from the text box
  13. Paste the metadata content into the metadata field on the TruffleHog Authentication page