Some SAML integrations, particularly those that auto-provision an authenticated user just-in-time (JIT), require an extra layer of authorization in Trusona to prevent unauthorized access.


Using the Trusona Dashboard, user authorization can be turned on and off for specified users within a target SAML integration.  Note that this is an optional feature and is not required by all SAML integrations. 


To do so, sign in to the Trusona Dashboard.


Importing Authorized Users

An admin must provide a list of the users for whom they wish to enforce user authentication.

  1. Using the left-hand menu, click on Generic SAML
  2. Find the integration to be edited and click on "Actions"
  3. From the dropdown menu click on "Import Authorized Usernames"
  4. From the Import Authorized Usernames page, an admin must upload a CSV file. An example is presented on the page. Click "Choose File" to upload the list.
    The CSV file must follow a specific format: a header row of labels as the first row, followed by the actual user data in subsequent rows.
    This user list is "additive", i.e., the entries from an uploaded user-list-2 are added to the previously uploaded user-list-1. Rows that exist in both versions are simply refreshed with the new information.
  5. After uploading the CSV file, click on "Import Authorized Username CSV".
  6. A green notification bar will indicate the CSV file has been uploaded successfully and the added users will be listed below.
  7. Click on "Go to Integration"
  8. Scroll to the bottom of the page to "Require Username Authorization"
  9. Click on the check box so that only the usernames that have been uploaded will be allowed to sign in to their accounts.
    By default, Require Username Authorization is not enabled and the check box is unchecked.
  10. Click on "Save" to enable the feature.

Exporting Authorized Users

  1. Using the left-hand menu, click on Generic SAML
  2. Find the integration to be edited and click on "Actions".
  3. From the dropdown menu click on "Export Authorized Usernames"
  4. A CSV file listing the users that are allowed to authenticate will be downloaded.
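
Because the import is additive, entries from earlier uploads stay in the list, so the export is the place to check who is actually authorized. The Python script below is an added example, not part of Trusona's documentation or tooling; it compares an exported CSV with the list you intend to authorize. The `username` column label and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Assumption: hypothetical header label; use the one in the dashboard's example CSV.
USERNAME_COLUMN = "username"

# Constructed sample data, not real accounts.
SAMPLE_EXPORT = "username\nalice@example.com\nbob@example.com\nCarol@example.com\n"
SAMPLE_INTENDED = "username\nalice@example.com\ncarol@example.com\ndave@example.com\n"


def read_usernames(csv_text, column=USERNAME_COLUMN):
    """Return the set of non-empty usernames from CSV text with a header row."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if not reader.fieldnames or column not in reader.fieldnames:
        raise ValueError(f"header row has no {column!r} column: {reader.fieldnames}")
    values = (row[column] for row in reader)
    return {v.strip() for v in values if v and v.strip()}


def audit(exported_csv, intended_csv):
    """Compare the dashboard export with the list that should be authorized."""
    exported = read_usernames(exported_csv)
    intended = read_usernames(intended_csv)
    exported_folded = {u.casefold() for u in exported}
    intended_folded = {u.casefold() for u in intended}
    extra = exported - intended
    return {
        # Authorized in the export but absent from the intended list.
        "stale": sorted(u for u in extra if u.casefold() not in intended_folded),
        # Differs from an intended entry only by letter case; review by hand.
        "case_variants": sorted(u for u in extra if u.casefold() in intended_folded),
        # Intended but not present in the export, so not yet imported.
        "missing": sorted(
            u for u in intended - exported if u.casefold() not in exported_folded
        ),
    }


if __name__ == "__main__":
    for category, names in audit(SAMPLE_EXPORT, SAMPLE_INTENDED).items():
        print(f"{category}: {', '.join(names) or '(none)'}")
```

Run it against each fresh export before enabling Require Username Authorization, and again after any later import.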