Use the following instructions to set up a SAML SSO provider for Tonic.
You must configure the following assertions to be sent to Tonic from your SAML provider:
The Assertion Consumer Service (ACS) URL is
The Audience is
Export your IDP Metadata XML file from your provider.
TONIC_SSO_SAML_IDP_METADATA_XML_URL: Set to the URL of your IDP Metadata XML file. If your SSO solution does not offer a URL, you can set
TONIC_SSO_SAML_IDP_METADATA_XML_BASE64 to the Base64-encoded contents of the IDP Metadata XML file. To encode the contents, run the following command:
cat /path/to/xml/file | base64 -w 0
TONIC_SSO_SAML_ENTITY_ID: The entity ID to use to send SAML requests from Tonic. If this is not set, the entity ID is determined from the IDP metadata.
TONIC_SSO_GROUP_FILTER_REGEX: <Group regular expression> The regular expression matches the groups that Tonic needs to be aware of. You can change this later. For example, the expression
.*Tonic.* allows all groups that contain the word "Tonic".
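Before you paste an exported file into TONIC_SSO_SAML_IDP_METADATA_XML_BASE64, it is worth confirming that the file really is IdP metadata and not a truncated or wrong export. The following is an added example, not part of the Tonic documentation or product: it checks the XML and then produces the same single-line value as the base64 command above. The function name, the sample metadata, and the specific checks (no DTD, HTTPS endpoints, a signing certificate present) are this example's own assumptions, not Tonic requirements.

```python
import base64
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample IdP metadata (not from a real provider; certificate is a placeholder).
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def preflight_metadata(xml_bytes):
    """Hypothetical helper: validate IdP metadata, return (summary, base64 value)."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("metadata must not contain a DTD or entity declarations")
    root = ET.fromstring(xml_bytes)  # raises ParseError on malformed or truncated XML
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError(f"unexpected root element: {root.tag}")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = [e.get("Location", "") for e in idp.findall(f"{{{MD}}}SingleSignOnService")]
    if not sso or any(not loc.startswith("https://") for loc in sso):
        raise ValueError("SingleSignOnService endpoints missing or not HTTPS")
    # A KeyDescriptor with no "use" attribute applies to signing as well.
    certs = [c for kd in idp.findall(f"{{{MD}}}KeyDescriptor")
             if kd.get("use", "signing") == "signing"
             for c in kd.iter(f"{{{DS}}}X509Certificate")]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    encoded = base64.b64encode(xml_bytes).decode("ascii")  # one line, like base64 -w 0
    summary = {"entityID": root.get("entityID"), "sso": sso, "certs": len(certs)}
    return summary, encoded

if __name__ == "__main__":
    info, value = preflight_metadata(SAMPLE_METADATA)
    print(info)
    print(f"TONIC_SSO_SAML_IDP_METADATA_XML_BASE64={value}")
```

To check a real export, read the file in binary mode and pass its bytes to preflight_metadata in place of the sample.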