
Single sign-on

SSO integration with MFT AFT is a three-part process:

  1. The customer is provided with the information needed to set up the application in their identity provider (IdP).
  2. Once the customer has registered the application(s) in the IdP, certain parameters are provided to MFT to configure our side of the integration.
  3. We will schedule a meeting to test your SSO application(s).

For each instance, create an application with your SSO Identity provider (IdP). The information in this email will assist you with creating your SSO application.

There are three steps to this process:

  1. Create your SSO SAML Application within your identity provider (IdP)
  2. Send us your SSO information once the application is completed so we may update your SSO information in our system
  3. Meet to test the SSO SAML links
note

Each Instance will need its own application.

Step 1

The 1st step is setting up your SSO SAML applications. In this step, we provide all of the information you require to successfully create your SAML application with your identity provider (IdP).

  1. Log in to your identity provider (IdP) - Azure AD
  2. Create a new SAML Application
  3. Use the information below to complete the application setup:

Service Single Sign On URL and Entity ID

Below is the Service Single Sign On URL and Entity ID you will need for your Prod application:

Prod Instance: https://us.thruinc.com/api/saml/AssertionConsumerService?code="Customer Code"

Entity ID: ThruUS-"Customer ID"-"Customer Code" for Production

note

The Service Single Sign On URL provided is specific to the US instance. If your organization uses a different regional MFT instance (such as EU, APAC, or other global locations), you will need to modify the base URL accordingly. For example, an EU instance might use https://eu.thruinc.com/... instead of the US URL.

To obtain the correct Customer Code and Customer ID for your specific instance, you must contact MFT Support. They will provide you with the unique identifiers required to configure your Single Sign On (SSO) settings accurately. Ensure you have these specific details before proceeding with your SSO implementation.

caution

Be sure to select “Use this to be Recipient URL and Destination URL”.

Required Claims

  • username - Unique IdP user ID which will be used as username (UserID claim)
  • emailaddress - User's email address
  • givenname - First Name
  • surname - Last Name
  • phone - User's Phone Number (Optional)

Most identity providers exhibit similar characteristics. Below is a screenshot of the Azure AD SAML settings used during application creation.

[Screenshot: Azure AD SAML settings]

When setting up the Transformation, use your customer code. The screenshot below is for example only.

[Screenshot: transformation setup, example only]

caution

Use your instance system code for the transformation. The one in the screenshot below is for demonstration only.

This is what the screen should look like after you set up the transformation. This will append your customer code to the username when logging in via SSO.

[Screenshots: the screen after the transformation is set up]

Step 2

In the 2nd step we need the following information from your identity provider:

  • Name - Identity Provider URI
  • Single Sign On Service URL
  • Certificate in *.Cer file format

[Screenshot]

Once we receive the required information above, our MFT DevOps Team will update our MFT servers, completing the SSO setup process.

Step 3

The MFT Customer Success Team will follow up with you to schedule a meeting. In this meeting, we will test the SSO application links and verify that users can authenticate and that new users get created successfully.
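
Before the test meeting, the Step 1 settings can be checked against a decoded SAML response from your own IdP's test sign-in. The script below is an added example, not MFT's tooling: it checks the Destination, Recipient, Audience and required claims described above. The customer code `ACME`, customer ID `1234`, the `jdoe-ACME` username format and the claim URI prefix are constructed placeholders and assumptions, not values from MFT.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = {"username", "emailaddress", "givenname", "surname"}  # phone is optional
# Constructed placeholders; MFT Support supplies the real Customer ID and Code.
ACS = "https://us.thruinc.com/api/saml/AssertionConsumerService?code=ACME"
ENTITY = "ThruUS-1234-ACME"

def check_response(xml_text, acs_url, entity_id, customer_code):
    """List configuration problems in a decoded SAML response from your own IdP.
    Layout check only: it does not verify the signature or validity window."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the Service Single Sign On URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match the Service Single Sign On URL")
    if entity_id not in [e.text for e in root.iterfind(".//a:Audience", NS)]:
        problems.append("Audience does not contain the Entity ID")
    claims = {}
    for attr in root.iterfind(".//a:Attribute", NS):
        value = attr.find("a:AttributeValue", NS)
        # Assumption: claim names may be full URIs; compare the last path segment.
        short = attr.get("Name", "").rsplit("/", 1)[-1].lower()
        claims[short] = (value.text or "") if value is not None else ""
    for name in sorted(REQUIRED - {k for k, v in claims.items() if v}):
        problems.append("missing required claim: " + name)
    # Assumption: the transformation leaves the customer code inside the username.
    if claims.get("username") and customer_code not in claims["username"]:
        problems.append("username does not carry the customer code")
    return problems

def sample(dest, audience, attrs):
    """Build a constructed, unsigned response for exercising the check."""
    rows = "".join(
        f'<a:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/{k}">'
        f"<a:AttributeValue>{v}</a:AttributeValue></a:Attribute>" for k, v in attrs.items())
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{dest}">'
            f'<a:Assertion><a:Subject><a:SubjectConfirmation>'
            f'<a:SubjectConfirmationData Recipient="{dest}"/></a:SubjectConfirmation>'
            f'</a:Subject><a:Conditions><a:AudienceRestriction><a:Audience>{audience}'
            f'</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement>{rows}</a:AttributeStatement></a:Assertion></p:Response>')

if __name__ == "__main__":
    ok = sample(ACS, ENTITY, {"username": "jdoe-ACME", "emailaddress": "jdoe@example.com",
                              "givenname": "Jane", "surname": "Doe"})
    print(check_response(ok, ACS, ENTITY, "ACME") or "no problems found")
```

An empty result means the response layout matches the Step 1 settings; a Destination or Recipient mismatch usually points to the wrong regional base URL or an unset Recipient/Destination option.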
