SAML
Use the following instructions to set up a SAML SSO provider for Tonic.
You must configure the following assertions to be sent to Tonic from your SAML provider:
Email
GivenName
FamilyName
Groups
The Assertion Consumer Service (ACS) URL is https://your-tonic-url/api/sso/samllogin.
The Audience is Tonic.
Export your IDP Metadata XML file from your provider.
TONIC_SSO_PROVIDER: SAML
TONIC_SSO_SAML_IDP_METADATA_XML_URL: Set to the URL of your IDP Metadata XML file. If your SSO solution does not offer a URL, you can set TONIC_SSO_SAML_IDP_METADATA_XML_BASE64 to the Base64-encoded contents of the IDP Metadata XML file. To encode the contents, run the following command:
    cat /path/to/xml/file | base64 -w 0
TONIC_SSO_SAML_ENTITY_ID: The entity ID to use to send SAML requests from Tonic. If this is not set, the entity ID is determined from the IDP metadata.
TONIC_SSO_GROUP_FILTER_REGEX: <Group regular expression> The regular expression matches the groups that Tonic needs to be aware of. You can change this later. For example, the expression .*Tonic.* allows all groups that contain the word "Tonic".
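A pre-flight check for the values above, as an added example that is not part of the Tonic documentation: it confirms that the exported file is IdP metadata before producing the single-line value for TONIC_SSO_SAML_IDP_METADATA_XML_BASE64, and previews which groups a TONIC_SSO_GROUP_FILTER_REGEX value would keep. The function names and the sample metadata are constructed for illustration, and the preview assumes the pattern must match the whole group name using Python's regex syntax, which may differ from how Tonic evaluates it.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata (not a real IdP); the certificate body is a placeholder.
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDERCERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_bytes):
    """Return (entity_id, base64_value); raise ValueError if this is not usable IdP metadata."""
    root = ET.fromstring(xml_bytes)  # parse only the file exported from your own IdP
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    certs = [c for c in idp.findall("md:KeyDescriptor//ds:X509Certificate", NS)
             if (c.text or "").strip()]
    if not certs:
        raise ValueError("no X509Certificate in any KeyDescriptor")
    if idp.find("md:SingleSignOnService", NS) is None:
        raise ValueError("no SingleSignOnService endpoint")
    # Same result as `base64 -w 0`: a single line with no wrapping.
    return root.get("entityID"), base64.b64encode(xml_bytes).decode("ascii")


def preview_group_filter(pattern, groups):
    """Groups the filter would keep, assuming a whole-name match (assumption, see lead-in)."""
    rx = re.compile(pattern)
    return [g for g in groups if rx.fullmatch(g)]


if __name__ == "__main__":
    entity_id, value = check_idp_metadata(SAMPLE_METADATA)
    print(entity_id, len(value))
    print(preview_group_filter(".*Tonic.*", ["Tonic-Admins", "Engineering"]))
```

To check a real export, read the file in binary mode and pass its bytes to `check_idp_metadata`.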