SAML Single Sign-On (SSO)
This feature is available only on the Enterprise plan.
Security Assertion Markup Language (SAML) is an XML-based framework for enabling authentication through a third-party identity provider.
SAML offers the ability to:
- Manage a password policy across multiple applications
- Access multiple applications securely
- Reduce the risk of lost or forgotten passwords
Transifex supports SAML 2.0.
Okta is currently the only supported Identity Provider (IdP). If you are using a different IdP, please contact our support team.
Only one Identity Provider can be configured per organization.
To configure SSO in Transifex, you must provide our support team with the following:
- Okta login URL
- X.509 Certificate, issued by Okta
- Issuer: A unique ID assigned by Okta that identifies the account of the customer that uses SSO
- Session time-out: The session time-out period configured in Okta, which applies to all integrated applications
Each SSO-enabled organization can define a custom session timeout in its SSO settings. The custom session timeout value is used only if the user logs in from the IdP. If the user logs in from the login form (hybrid login), the default session timeout is used (the default session expiration is 1 month).
In addition to the required parameters above, you may also tell us the following:
- Whether a one-time migration of the active user sessions is desired upon activation of the Single Sign-On login.
- A date threshold, after which the one-time migration will not be executed, even if it is enabled and there are still active user sessions.
2 Factor Authentication (2FA)
Okta supports 2FA. Please contact your IT department to enable it for your organization.
The user's email address must be present and identical in both Transifex and Okta. If the email is changed in Okta, you need to make sure that:
- the Okta username is also updated
- the Transifex email is also updated
Enabling SAML for an organization does NOT require all users to sign in only via SAML: each user can select their type of login from the main login page. The access type is logged in Transifex (in case the old Transifex username coincides with the SSO username, for example).
You can log in to Transifex using one of the two ways listed below.
- Log into Okta, using the URL supplied by your IT department
- Select Transifex from the list of applications
- You will be taken to your organization’s dashboard in Transifex