SAML

Configuring SAML Authentication in Tellius

Tellius supports SAML 2.0 as a secure, enterprise-grade authentication method. By integrating your organization’s Identity Provider (IdP) such as Okta, OneLogin, or Azure AD, users can log in to Tellius using Single Sign-On (SSO) credentials they already use within your enterprise environment.

Steps to configure Tellius in the different identity providers and get the metadata XML file is described in this .

What is SAML?

SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between parties—specifically between an IdP and a Service Provider like Tellius.

When enabled:

• Tellius no longer manages login credentials directly.

• Authentication requests are routed to your IdP.

• Users are automatically created in Tellius on first login.

• Users are authenticated using your existing identity system.

Prerequisites

Before configuring SAML on Tellius, make sure you have:

1. Access to Tellius with Admin privileges and access to your IdP admin dashboard (e.g., Okta, OneLogin).

2. A valid file that includes:

   • IdP Entity ID

   • IdP Login URL (Single Sign-On URL)

   • IdP Logout URL

   • X.509 Certificate

Your internal IT team typically provides this metadata file, or you can generate it from your IdP during setup. For clarifications during setup, contact your internal SAML team, or reach out to Tellius Support.

Upload SAML Configuration in Tellius

Under Settings → Security → Authentication → SAML, provide the following details.

1. Entity ID (Audience URI): This is the unique identifier for Tellius as the Service Provider. Must match the Audience URI value provided during IdP setup.

These mappings connect the user identity details from your IdP to Tellius user profiles. You can skip this section, but it is highly recommended for complete user profile creation. These values should exactly match the user information shared by your IdP during SAML login.

1. Username mapping: The IdP attribute that identifies the user (usually email or username).

2. Email: Attribute in your IdP that stores the user's email

3. First Name: Attribute for user's first name

4. Last Name: Attribute for user's last name

5. Default user role: Selects the role assigned to all new users signing in via SAML for the first time.

Once saved, Tellius is now set to use SAML for authentication.

How SAML login works in Tellius

• Users visiting the Tellius login page will see a “Login” button.

• Clicking the button redirects them to the SAML IdP (e.g., Okta) for authentication.

• If it’s the user’s first login, Tellius will automatically create the user account based on SAML attributes.

• No password setup or user creation is required within Tellius itself.