Traverse supports single sign-on integration with Passly, a cloud-based identity and access management web service.
A user initially logs in to Passly using multi-factor authentication, a strengthened method of user identification. This is the only time the user authenticates to access many different applications, hence the name 'single sign-on'.
Inside Passly the user is shown a page of single sign-on apps. This can include a single sign-on app for Traverse.
The user clicks any app's icon to immediately access that application. Passly manages the specific logon requirements for each app, including periodic password changes if necessary, without the user's involvement.
Prerequisites
Access to Passly.
Access to Traverse 9.4 or later.
Configuring Integration of Traverse and Passly
Log in to Passly.
Select SSO Manager.
Click the add + icon to create a new single sign-on app.
Click the Application Configuration tab.
Change Image - Optionally upload an icon for your new application.
Application is Enabled - Check to enable this application.
Give your application a name - Enter a name for your new application.
Authentication Policy - Select an authentication policy.
Click the Protocol Setup tab.
Protocol Type - Select SAML IdP-init.
Reply to URL - Enter the URL <YourTraverseURL>/api/v1/auth/saml.
Accept all other default values.
Click the Permissions tab.
Click Add Groups to add the user groups that will have access to your new application.
Click the Signing and Encryption tab.
Copy the text of the signing certificate in the edit box to your clipboard.
Click Save Changes.
Log on to Traverse as a superuser.
Select Superuser > Global Config > Integration Settings.
Enable Single Sign-On - Check this option.
Paste the text of the signing certificate into the Enable Single Sign-On text box.
Click Save.
Log on to Passly as any user in a user group assigned the Traverse single sign-on app.
The new Traverse app displays on the user's My Apps page.
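The signing certificate pasted into Traverse is what Traverse trusts to verify Passly's SAML responses, so it is worth checking the two values entered by hand (the Reply to URL and the pasted certificate text) before saving. The following is an added example, not code from Traverse or Passly: the function names are hypothetical, requiring https is an assumption, and the sample certificate is constructed filler rather than a real certificate.

```python
import base64, binascii, hashlib, re, ssl
from urllib.parse import urlsplit

SAML_PATH = "/api/v1/auth/saml"  # Reply to URL path from the Protocol Setup step
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Constructed stand-in: a DER SEQUENCE header over filler bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x02\x00" + bytes(range(256)) * 2
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).replace("\n", "\r\n")  # CRLF as pasted

def check_reply_url(url):
    """Return the trimmed Reply to URL, or raise ValueError (https is an assumption)."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Reply to URL must be https://<host>...")
    if parts.username or parts.query or parts.fragment:
        raise ValueError("Reply to URL must not carry credentials, query or fragment")
    if not parts.path.endswith(SAML_PATH):
        raise ValueError("Reply to URL must end with " + SAML_PATH)
    return url

def der_from_pasted_cert(text):
    """Return the DER bytes of the single certificate in pasted text, or raise ValueError."""
    labels_bodies = PEM_RE.findall(text.replace("\r", ""))
    labels = [label for label, _ in labels_bodies]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("paste contains a private key; only the certificate belongs here")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {labels}")
    try:
        der = base64.b64decode("".join(labels_bodies[0][1].split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    # Outer DER header: tag 0x30, then a length that must account for every byte.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] >= 0x80 else 0
    length = int.from_bytes(der[2:2 + n], "big") if der[1] >= 0x80 else der[1]
    if 2 + n + length != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return der

def fingerprint(der):
    """SHA-256 fingerprint of the DER bytes as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

if __name__ == "__main__":
    print(fingerprint(der_from_pasted_cert(SAMPLE_PEM)))
```

Recording the fingerprint at setup time gives a value to compare against later, for example when the certificate in Passly is replaced and the text in Traverse has to be updated to match.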