Setting Up Single Sign On (SSO)

TestingBot supports Identity Provider (IdP)-initiated and Service Provider (SP)-initiated Single Sign-On (SSO) via the SAML 2.0 protocol. This allows your authorized employees to access TestingBot in a moderated fashion, as an alternative to using passwords.

To start using SSO, please make sure you have an Identity Provider (IdP) set up.

Setting Up Identity Provider

TestingBot provides preconfigured SAML applications for a selection of Identity Providers (IdPs). These applications allow you to integrate SSO with TestingBot in a very easy way. Below is a list of SAML applications available:

To set up a custom Identity Provider, such as Salesforce, ForgeRock, Auth0 or others, please follow the steps below.

  1. Retrieve the SAML metadata from TestingBot.
  2. Log in to your identity provider's administrator panel.
  3. Create a new SAML application or integration.

    If your IdP does not allow you to upload the metadata file, you can set up the integration manually.

  4. Export SAML metadata of your newly created SAML application. Please email it to us so that we can set up the connection for you.

Service Provider SAML Requirements

Below is a list of settings that are required by the TestingBot Service Provider:

Setting Name Value
Entity ID https://testingbot.com/users/saml/metadata
Assertion Consumer Service (ACS URL, Reply URL) https://testingbot.com/users/saml/auth
Name ID (Unique User Identifier) email
Name ID format/policy urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Idp Cert Fingerprint Algorithm http://www.w3.org/2000/09/xmldsig#sha256
Login URL https://testingbot.com/users/sign_in

SAML Claims

TestingBot Service Provider supports the following SAML custom claims:

  • email
  • first_name
  • last_name

SSO Options

We provide the following options with Single Sign On:

Just-In-Time (JIT) Provisioning

If a user from your organization logs in through SSO, we can automatically create an account for this user on TestingBot, which will be associated to your team. Each user will be able to see the tests created by other members of your organization.

If this setting is disabled, users that are not yet registered with TestingBot will not be able to use TestingBot.

Enforce SSO (Big Bang)

When this setting is enabled, users in your organization must log in through SSO.
All other authentication methods will not be allowed.

Email verification

New users logging in through SAML for the first time will automatically have their account (and email address) verified.

Unsupported Features

We currently do not provide support for these features:

  • SLO (Single Logout)
  • SCIM (System for Cross-domain Identity Management)