Federated SSO

Modified on Wed, 16 Aug, 2023 at 2:23 PM

What is Federation?

Aug 19, 2022•Knowledge

Federation is a type of secure login where a user's single authentication ticket, or token, is trusted across multiple IT systems or even organizations. A federated identity in information technology links a person's electronic identity and attributes stored across multiple identity management systems. Single Sign-On (SSO) and log-in with Social Identity (Google, Apple, etc.) are the two most common forms of this. A user that is using one of these options utilizes their existing domain email to log into multiple systems, devices, or programs.


Why would I use Federated Identities?

Jul 7, 2021•Knowledge

Single users logging on to Trimble applications must register themselves with Trimble Identity. Federation is for enterprise-level users. 


For enterprise-level users, having multiple identities, usernames, and logins can cause security issues. Federation lets customers or partner users access Trimble applications without presenting additional credentials. This allows customers outside the Trimble network to manage their users with Just-In-Time provisioning and keep a single set of credentials for end-users. Federation authentication helps set up a trusted relationship with Public Providers or other enterprise identity providers.


By setting up federated authentication, Identity establishes a trust relationship with the identified external domain and accepts the user's identity that comes from these domains. 


What are the commonly supported identity providers (IdPs) for Trimble ID Federations?

Identifies the commonly used and supported IdPs for Trimble ID Federations.


Aug 19, 2022•Knowledge

Trimble ID supports four identity providers (IdPs): Azure AD, Microsoft AD FS, Google, and Okta.

Azure AD: Azure Active Directory (Azure AD) is a cloud identity provider that provides SSO and MFA for SAML applications.

Microsoft AD FS: Active Directory Federation Services (AD FS) is a companion to the Windows Server directory service that extends on-premises identities to the cloud.

Google Cloud Identity Platform: Identity Platform provides Google-grade customer identity and access management. It supports SAML, OIDC, and other authentication methods.

Okta: An identity-as-a-service (IDaaS) platform that is hosted on a secure server. It hosts a variety of cloud services, including Single Sign-On (SSO), Active Directory (AD), Multi-Factor Authentication (MFA), and more.

Exceptions: Other IdPs that support OAuth 2.0 may be configurable. However, this often requires additional IdP configuration to be done by the company being federated. Selecting this option increases the turnaround time for a Trimble ID Federation setup.


What Federation protocols does Trimble ID support?

Aug 19, 2022•Knowledge


Trimble ID supports two protocols: SAML and OpenID Connect (OIDC).

SAML: Security Assertion Markup Language (SAML) is an authentication protocol that transfers authentication data between an identity provider and a service provider in XML format. 

OIDC: OpenID Connect (OIDC) is an authentication protocol built on OAuth 2.0 that transfers authentication data from an OIDC-capable identity provider to the application (the relying party). Authentication data is transferred in JSON format.

The main difference between these protocols is that SAML exchanges XML-based assertions, whereas OIDC exchanges JSON. SAML also requires the two parties to be pre-configured with each other, which allows for a robust configuration, whereas OIDC works only with compatible identity providers.
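The practical consequence of the XML-versus-JSON difference is what the application (service provider or relying party) has to check before it trusts the identity it receives. The following is an added example, not code from this article or from Trimble: it validates the claims of an OIDC ID token (a JSON Web Token) and the Conditions of a SAML 2.0 assertion (XML) side by side. The issuer and audience values, the sample assertion, and the token-building helper are all constructed for the demonstration. Signature verification (JWKS for OIDC, XML-DSig for SAML) is assumed to have been performed by a library before these checks run; it is left out so the example needs no third-party packages.

```python
import base64
import json
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample values (not from the article): what the relying party expects.
EXPECTED_ISSUER = "https://idp.example.com"     # hypothetical identity provider
EXPECTED_AUDIENCE = "example-sp-client-id"      # hypothetical service provider / client id


def b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_id_token(claims: dict) -> str:
    """Build a JWT-shaped ID token for the demonstration. The signature segment is a
    placeholder; a real token is signed with the IdP's private key."""
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(b'placeholder-signature')}"


def check_oidc_id_token(id_token: str, expected_nonce: str, now: int):
    """Validate the claims of an OIDC ID token (JSON carried in a JWT).
    Assumes the signature was already verified against the IdP's JWKS.
    Returns (ok, subject) on success or (False, reason) on failure."""
    try:
        header_b64, payload_b64, _signature = id_token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed token"
    if str(header.get("alg", "none")).lower() == "none":
        return False, "unsigned token rejected"
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "issuer mismatch"
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch"
    if now >= int(claims.get("exp", 0)):
        return False, "token expired"
    if claims.get("nonce") != expected_nonce:
        return False, "nonce mismatch (possible replay)"
    return True, claims.get("sub")


SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def saml_time(value: str) -> datetime:
    """SAML timestamps are UTC in xs:dateTime form, e.g. 2023-08-16T14:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def check_saml_assertion(assertion_xml: str, now: datetime):
    """Validate Issuer, validity window and AudienceRestriction of a SAML 2.0 assertion.
    Assumes the XML signature was already verified. For untrusted XML a hardened
    parser such as defusedxml is preferable to the standard-library one used here.
    Returns (ok, NameID) on success or (False, reason) on failure."""
    try:
        root = ET.fromstring(assertion_xml)
    except ET.ParseError:
        return False, "malformed assertion"
    if root.findtext("saml:Issuer", namespaces=SAML_NS) != EXPECTED_ISSUER:
        return False, "issuer mismatch"
    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is None:
        return False, "missing Conditions"
    not_before = saml_time(conditions.get("NotBefore"))
    not_on_or_after = saml_time(conditions.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        return False, "outside validity window"
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if EXPECTED_AUDIENCE not in audiences:
        return False, "audience mismatch"
    return True, root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)


# Constructed sample assertion (not from the article), unsigned for brevity.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_sample" Version="2.0" IssueInstant="2023-08-16T14:00:00Z">
  <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
  <saml:Subject><saml:NameID>alice@customer.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2023-08-16T14:00:00Z" NotOnOrAfter="2023-08-16T14:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

if __name__ == "__main__":
    token = make_sample_id_token({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
                                  "sub": "alice", "exp": 1700000000, "nonce": "n1"})
    print(check_oidc_id_token(token, "n1", now=1699999000))
    print(check_saml_assertion(SAMPLE_ASSERTION, saml_time("2023-08-16T14:02:00Z")))
```

Both checkers refuse an assertion or token whose issuer or audience does not match the pre-configured values, which is exactly the pre-configuration of the two parties that the SAML description above refers to; the OIDC side additionally checks the nonce that ties the token to the login request, and both reject anything outside its validity window.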


Are there costs associated with Trimble ID Federation?

Answers the question of whether there are costs associated with the Trimble ID federation


Aug 19, 2022•Knowledge

Trimble Identity Federation is a free add-on service to Trimble ID (TID). Customers who use Trimble ID v4 can request a Federation. Please take note of protocol, identity provider, domain, and other technical requirements.


How do I request the Trimble ID Federation setup?

Aug 19, 2022•Knowledge

To initiate a Trimble ID Federation configuration, complete the Trimble ID Federation Form. Once completed you will immediately receive a follow-up email advising on the next steps.

What resources are available with respect to Trimble ID federations?

Identifies available resources with respect to setting up Trimble ID federations


Aug 19, 2022•Knowledge

The Trimble Help Center (help.trimble.com) is the best place to find information about federations and Trimble ID Federations. This resource is available to both internal and external Trimble Customers. 


All Trimble internal and external customers can contact Trimble Identity Federations at tidfederations@trimble.com. This support email is for any and all questions about Federations and is the communication medium between federation stakeholders, integrators, and end customers throughout the configuration process.


What are the Trimble ID Federations privacy policies?

Aug 19, 2022•Knowledge

A Federation does not store private user data. Access to applications is facilitated by authentication of a user's digital “token” rather than names, emails, and other personal information.

In addition to the standard security controls for all Platform services, Trimble Identity, as the user store of record for usernames and passwords, has additional security controls in place to protect these sensitive resources. All user passwords are salted and hashed before storage, and the database containing these hashed passwords is encrypted at rest. Increased password complexity may be optionally enabled for accounts, and email verification is required for tasks like account creation and password reset.

All core and utility services in the Trimble Cloud Core Platform are developed in accordance with the Trimble Secure Development Lifecycle (TSDLC). TSDLC requires numerous controls to verify applications are developed in a secure fashion, including:


Vulnerability scanning (Tenable Nessus)

Intrusion detection (CrowdStrike)

Dynamic code analysis (Rapid7 AppSpider)

Static code analysis (SonarQube)

Open source vulnerability analysis (WhiteSource)


What is the process of configuring a federation? 

Describes the federation configuration process.


Oct 24, 2022•Knowledge

The process of configuring a federation is determined by the identity provider and protocol used by the customer being federated. 

Multi-Tenant: A Multi-Tenant Federation will be configured if the organization uses AzureAD as an identity provider and OIDC as the protocol.

Note: For a Multi-Tenant Federation, if a user logs in during the time between when the federation for all users has been configured and before the customer AzureAD administrator, they will be challenged to accept the federation. This is why it is important to provide a definitive launch date and stick to it. 


Guided Federation: A Guided Federation will be configured for every other combination of supported identity providers and protocols (that is, everything except AzureAD with OIDC, which is Multi-Tenant). There are two Guided Federation processes, determined by the organization's protocol: SAML or OIDC.

SAML Guided Federation:

OIDC Guided Federation:
