In this article:
Overview
Tesorio supports SAML 2.0 for Single Sign-On (SSO) authentication, enabling customers to integrate with virtually any major SSO provider. This allows your organization to leverage centralized user authentication and streamline the login process across multiple systems.
To enable SSO for your Tesorio account, the feature must be activated by your Customer Success Manager
Step 1: Configure Tesorio in your SSO
Once SSO is enabled for your Tesorio account, you’ll need to configure Tesorio as a service provider in your SSO provider’s admin portal. Below are the details you need to provide to your SSO administrator:
Property | Value |
ACS URL | |
Entity ID | |
Name ID Format |
|
Name ID | Basic Information > Primary Email |
Step 2: Provide Metadata to Tesorio
Next you will need to share the metadata with Tesorio. There are two options for this:
Metadata URL (Self-Service): Provide us with the URL directly via the Tesorio SSO integration page
Metadata XML (Manual Submission): Send a metadata XML file to your Customer Success Manager to process.
Step 3: Access Tesorio’s SSO Login Page
Once your SSO integration is configured, users will be able to log in to Tesorio using SSO.
Tesorio currently supports SP-initiated SSO logins, which means users must first go to the Tesorio SSO login page and enter their email address.
Alternatively, you can find the SSO login page from https://dashboard.tesorio.com/login/ and selecting to login via Single Sign-On.
The user is then redirected to their SSO provider for authentication. Once authenticated, they will be redirected back to Tesorio and logged in automatically.
Tesorio does not support IDP-initiated SSO logins meaning users cannot log in to Tesorio directly from their SSO provider's dashboard.