Configuring Single Sign-On (SSO) for your Organisation

How to set up and federate your Identity Provider with TryHackMe using Single Sign-On (SSO) via SAML 2.0 and OIDC.

Written by Danielle
Updated over a week ago

Access

To configure Single Sign-On (SSO) for your account, you must first get SSO enabled for your dashboard. Please contact your Customer Success Manager or Technical Support to have SSO enabled on your account.

Configuration

Please follow the steps below to configure and enable SSO for your account and users:

Step 1 - Verify your domain

Single sign-on settings page

Domains are used to recognise your users during login and sign up via SSO. Domain verification proves ownership of a domain to increase security and prevent unauthorised domains being registered with your account.

To verify your domain(s), please follow the steps below:

  1. Head to the SSO configuration page under Settings in the Management Dashboard.

  2. By default, the website domain associated with your account will be verified.

  3. If this default domain cannot be verified, click on the 'Verify domain' button, which will redirect you to the domain verification webpage.

  4. Enter the domain you wish to verify and follow the on-screen instructions, including adding the relevant TXT record to your DNS records.

  5. To verify additional domains, click the 'Add additional domain' button in the Add additional domains section at the bottom of the SSO settings page. Note: additional domains can only be added after adding at least one domain following the steps above.

Add and verify additional domains for SSO from the SSO settings page in the Management Dashboard
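Before clicking verify, it helps to confirm that the TXT record is actually being served by every authoritative nameserver for the domain. The script below is an added example, not TryHackMe tooling: the token shown is a constructed placeholder, and the record is assumed to sit at the domain apex unless a different record name is passed as a third argument, so use exactly the name and value the verification page gives you.

```shell
#!/usr/bin/env bash
# Added example, not TryHackMe tooling. The token and record name below are
# placeholders: use exactly what the domain verification page shows.

# Normalise `dig +short TXT` output from stdin: one record per line, with the
# chunks of a long record ("a" "b") rejoined and the surrounding quotes removed.
normalize_txt() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_has_token TOKEN: succeed only on an exact whole-record match, so a token
# that merely appears inside another record (an SPF string, say) does not count.
txt_has_token() {
  normalize_txt | grep -Fxq -- "$1"
}

# check_domain DOMAIN TOKEN [RECORD_NAME]: query each authoritative nameserver
# directly, so a resolver cache or one lagging secondary cannot mask a missing
# record. RECORD_NAME defaults to DOMAIN (apex); that default is an assumption.
check_domain() {
  local domain="$1" token="$2" name="${3:-$1}" ns servers rc=0
  servers=$(dig +short NS "$domain")
  [ -n "$servers" ] || { echo "no NS records for $domain" >&2; return 2; }
  for ns in $servers; do
    if dig +short TXT "$name" "@$ns" | txt_has_token "$token"; then
      echo "ok       $ns"
    else
      echo "MISSING  $ns"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample of `dig +short TXT` output, used when no arguments are given.
SAMPLE='"v=spf1 include:_spf.example.net ~all"
"PLACEHOLDER-verification-" "token-123"'

if [ "$#" -ge 2 ]; then
  check_domain "$@"
else
  printf '%s\n' "$SAMPLE" | txt_has_token "PLACEHOLDER-verification-token-123" \
    && echo "sample: token record found"
fi
```

Run it as `./check_txt.sh yourdomain.example 'token-from-page'`; a `MISSING` line for any nameserver means the record has not reached that server yet and verification may fail intermittently.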

Step 2 - Configure your provider

Once you have verified a domain, the option to configure your chosen Identity Provider will be enabled. To begin, click on the 'Configure provider' button under Step 2 of the SSO settings page.

Configure provider from the SSO settings page in the Management Dashboard

Choose your Identity Provider from the list of supported vendors. If your Identity Provider is not listed, or you are using custom authentication, select the custom SAML or OIDC options.

Selecting your identity provider for Single Sign-On configuration

After selecting your Identity Provider, follow the on-screen instructions to configure and federate with the TryHackMe platform.

Example configuration steps for Single Sign-On

Step 3 - Testing Single Sign-On configuration

After following the configuration steps for your Identity Provider, head to the SSO login page at https://tryhackme.com/r/login/sso to test that your configuration is set up correctly:

  1. Enter the user email you wish to log in with using Single Sign-On.

  2. If the domain entered matches the SSO configuration for your account, you will be redirected to your Identity Provider's login page.

  3. Complete login via your Identity Provider.

  4. On successful login, you will be redirected back to TryHackMe automatically.

Following successful login via SSO, your business account with TryHackMe is now ready to use Single Sign-On across all of your users.

FAQs & Troubleshooting

Q: Can I create a new account using Single Sign-On?

A: Yes. If you do not have an account with TryHackMe, one will be created automatically for you the first time you successfully sign in with SSO.

Q: I already have an account on TryHackMe, can I log in with SSO?

A: Yes. If the email address of your existing account matches the email address you wish to use for Single Sign-On, the account will be migrated to a Single Sign-On account after the first time you successfully log in with SSO. Note: after logging in with SSO, you will no longer be able to sign in with your username and password.

Q: Can I revert my account from SSO to one which uses a username and password?

A: No. For security reasons, accounts using SSO cannot be authenticated by any other means, or migrated to a different authentication method.

Q: Can I change my email address after logging in with SSO?

A: No. For security and access control measures for your organisation, accounts using SSO cannot change their email address. Please note - SSO accounts cannot be migrated to a personal / alternate email address.

Q: Will new users be added to a business seat automatically when they sign up with SSO?

A: No. Single Sign-On does not provision business seats automatically at this time. Admins must continue to add users via their email address to seats from the Management Dashboard to give them full access to the Business plan.

Q: Can I change identity provider?

A: Please contact technical support or your Customer Success Manager if you need to make changes to your SSO configuration.

Q: I am having trouble verifying my domain.

A: Please contact technical support or your Customer Success Manager who will be able to assist you.

Q: I am having trouble configuring my identity provider.

A: Please contact technical support or your Customer Success Manager who will be able to assist you.

Contact

  • Existing B2B or EDU customer and have questions? Please contact your Customer Success Manager or Technical Support.

  • Please contact [email protected] if you'd like to explore whether TryHackMe could be a good fit for your organization. Alternatively, book a meeting directly with the Sales team: For Education, For Business
