Single Sign On (SAML)

Testersuite provides support for SSO (single sign on) via the SAML standard. This works by matching a username on the SAML Identity Provider side with the username in Testersuite. Testersuite does not work with user provisioning. Therefore, a user who wants to use SSO must always be created in Testersuite.

The settings for using SAML SSO can be found in the Administrator portal under Settings.

What do you need to implement Single Sign On in Testersuite?

  • A Testersuite Professional or Premium subscription
  • Access to the Testersuite administrator portal
  • A working SAML 2.0 identity provider (for example, ADFS, Azure AD or Auth0). This is the service you want to use to log in via SSO in Testersuite
  • Basic knowledge of SAML and its setup

Creating a new SSO configuration

  1. In Testersuite, go to Administrator portal -> Settings -> SAML SSO (tab)
  2. Click New. A form is displayed with the following fields:
    1. Enabled: Check this field to enable your connection. This will display an SSO link on your users' Testersuite login screen.
    2. Name: Give the SSO configuration a name. This name will be the text of the SSO link on the login screen.
    3. Sp certificate and Sp key: Use a tool such as Samltool.com to create a new X.509 certificate. The State/Province Name, Organization Name and Common Name fields are required. Exactly what you enter here is not important, but these fields are required to generate the certificate. Set a distant expiration date so that the certificate does not need regular maintenance. Do not set a passphrase for the private key. Fill in the Sp certificate and Sp key fields with the information obtained.

Find and download or open the Metadata XML file on the side of your identity provider. Use the data from this file to populate the rest of the form's fields. Below you will find where in the XML file you can find the required information for each field.

  1. Idp entity id: The ID of the identity provider
    • XML field EntityDescriptor entityID
  2. Single sign on service location: The location to which login requests are sent
    • XML field SingleSignOnService Location
  3. Idp username attribute: The attribute on your identity provider's side, corresponding to the users' login name in Testersuite. For example, this could be the emailaddress or givenname attribute. If the desired attribute is not present in the metadata XML file, it must first be created on the identity provider side.
    • XML field Attribute Name
  4. Idp certificate
    • XML field X509Certificate
  5. Idp sign metadata: Some identity providers require the metadata to be signed. Check this option if this is the case.
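
The field mapping above, as an added example that is not part of the Testersuite documentation: a Python script that reads identity provider metadata and returns the value for each form field. The sample metadata, host names and certificate body are constructed placeholders; when the metadata lists several SingleSignOnService bindings or key descriptors, all of them are returned so you can pick the one your setup uses.

```python
import xml.etree.ElementTree as ET
# Namespaces defined by the SAML 2.0 metadata and XML Signature standards.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
B = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Constructed sample: host names and certificate body are placeholders.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        PLACEHOLDERCERT
        BASE64BODY
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{B}HTTP-Redirect" Location="https://idp.example.test/sso/redirect"/>
    <md:SingleSignOnService Binding="{B}HTTP-POST" Location="https://idp.example.test/sso/post"/>
    <saml:Attribute Name="emailaddress"/>
    <saml:Attribute Name="givenname"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def form_fields(metadata_xml):
    """Map IdP metadata onto the form fields named on this page."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not a single EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            # The base64 body is usually line-wrapped; join it into one string.
            certs.append((kd.get("use", "unspecified"), "".join(cert.text.split())))
    return {
        "Idp entity id": root.get("entityID"),
        "Single sign on service location": {
            s.get("Binding"): s.get("Location")
            for s in idp.findall("md:SingleSignOnService", NS)},
        "Idp username attribute": [a.get("Name") for a in idp.findall("saml:Attribute", NS)],
        "Idp certificate": certs,
    }

if __name__ == "__main__":
    print(form_fields(SAMPLE_METADATA))
```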

After setting these fields, save the configuration. Users can then log in using the SSO link you created on the Testersuite login screen.

Still can't figure it out and need help? Feel free to contact support@testersuite.nl