Single Sign On (SSO)
Overview
This documentation is recommended to be completed in conjunction with a member of the Thnks SSO team for exchanging sensitive information.
Please complete the ‘Client to Provide’ section of your desired connection and send back to sso@thnks.com. A member of our team will follow up shortly. In your email back please be sure to provide the connectionName used as well.
Thnks is committed to providing a seamless and secure experience for our enterprise clients. To achieve this, we leverage Auth0, a robust and versatile authentication solution, to enable Single Sign-On (SSO) connections to the Thnks platform. This instruction sheet will guide you through the process of configuring connections using OpenID Connect (OIDC), Security Assertion Markup Language 2.0 (SAML2.0), or Azure Active Directory, depending on your organization’s preference and requirements.
OIDC
1
Thnks Information
| IdP Field | URL |
|---|---|
| Post-back URL | https://thnks.us.auth0.com/login/callback?connection= |
| Login Redirect URL | https://thnks.us.auth0.com/login/callback |
2
Client Information
In order to establish a SSO connection, the client needs to provide the following:
| IdP Information | Example |
|---|---|
| Client ID | 0oa4ntasdawevvpA2j697 |
| Client Secret | EASf9W2MC-lFreJWVusZAWRQWFeOzvv4BgcOUKw |
| Issuer URL | https://acme.okta.com |
| Home Realm Discovery Domain | acme.com |
3
Verification
Once Thnks has received the information from Step 2, we will create and test the connection in Auth0.
4
Testing
Once connection has been finalized, Thnks will create or modify a user for the client test team to confirm SSO connection is complete.
SAML 2.0
1
Thnks Information
| IdP Field | URL |
|---|---|
| Post-back URL | https://thnks.us.auth0.com/login/callback?connection= |
| Recipient URL | https://thnks.us.auth0.com/login/callback?connection= |
| Destination URL | https://thnks.us.auth0.com/login/callback?connection= |
| Entity ID/Audience URI | urn:auth0:thnks: |
| Issuer URL | Example: https://acme.okta.com |
2
Client Information
In order to establish a SSO connection, the client needs to provide the following:
| IdP Information | Example |
|---|---|
| Sign-In URL | Example: https://sso.acme.com:9031/idp/SSO.saml2 |
| X.509 Signing Certificate | Example: okta.cert |
| Secure Hash Algorithim Preference | SHA1 or SHA256 (Default: SHA256) |
| Mapping Schema | Example: { "user_id": [ "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"], "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" } |
3
Verification
Once Thnks has received the information from Step 2, we will create and test the connection in Auth0.
4
Testing
Once connection has been finalized, Thnks will create or modify a user for the client test team to confirm SSO connection is complete.
Azure AD
1
Client Information
| IdP Field | URL |
|---|---|
| Microsoft Azure AD Domain | Example: your-azure-ad-domain.com |
| Client ID | Example: 0oa4ntasdawevvpA2j697 |
| Client Secret | Example: EASf9W2MC-lFreJWVusZAWRQWFeOzvv4BgcOUKw |
| Entity ID | urn:auth0:thnks: |
| Redirect URI | https://thnks.us.auth0.com/login/callback |
| Identity API (Why Upgrade to v2) | Microft Identity Platform (v2) or Azure Active Directory (v1) |
2
Verification
Once Thnks has received the information from Step 2, we will create and test the connection in Auth0.
3
Testing
Once connection has been finalized, Thnks will create or modify a user for the client test team to confirm SSO connection is complete.