TranslationOS Single Sign-On (TOS SSO)

Okta

See these official instructions for reference.

Create an integration, configure SAML & get the metadata URL

  1. In the Admin Console, go to Applications > Applications.

  2. Click Create App Integration.

  3. Select SAML 2.0 as the Sign-in method.

  4. Click Next.

  5. Provide the general information for the integration and then click Next.

  6. Provide the necessary SAML settings information for your integration:

| Field | Value |
| --- | --- |
| Single sign-on URL | Sandbox: https://sandbox-temp-url.auth.eu-central-1.amazoncognito.com/saml2/idpresponse |
| | Production: https://production-temp-url.auth.eu-central-1.amazoncognito.com/saml2/idpresponse |
| Audience URI (SP Entity ID) | Sandbox: urn:amazon:cognito:sp:eu-central-1_T7VmNf7NL |
| | Production: urn:amazon:cognito:sp:eu-central-1_kQEOSHc18 |
| Default RelayState | Leave empty |
| Name ID format | Keep default |
| Application username format | TranslationOS SSO requires a value equivalent to the user’s email address, as the domain is used to identify users. |
| Update application username on | Keep default |

Populate the attribute statements as follows:

| Name | Name format | Value |
| --- | --- | --- |
| email | Unspecified | user.email |
| givenname | Unspecified | user.firstName |
| lastname | Unspecified | user.lastName |
| name | Unspecified | user.displayName |

  7. Click Next.

  8. Provide configuration information about your app integration to Okta.

    1. Select I'm an Okta customer adding an internal app.

    2. Select It's required to contact the vendor to enable SAML. Fill in the provided fields to help the Okta support team understand your SAML configuration.

    3. Click Finish. Your integration is created in your Okta org. You can modify your integration's parameters and assign it to users.

  9. After you create your SAML app integration, the SAML Signing Certificates section appears on the Sign On tab. Switch to the Sign On tab and navigate to the SAML Signing Certificates section.

  10. Click the Actions drop-down alongside the relevant certificate.

  11. Choose View IdP metadata.

  12. Copy the metadata URL.

Send information to Translated

Send the following to Translated:

  • The metadata URL.

We will do some configuration on our end, then let you know when you can continue.

Enable the app for your users

Follow these instructions.

Log in to TranslationOS

At this point, the added users need to log in to TranslationOS using their Okta email address to trigger the creation of various records on our end so that we can configure permissions and automatic permission assignment rules.

Microsoft Entra (Azure)

Create a new app

  1. Navigate to the Microsoft Entra Gallery.

  2. Click Create a new application.

  3. Give the app a name, e.g. TranslationOS.

  4. Select Integrate any other application you don’t find in the gallery (Non-gallery).

  5. Click Create. It will take a few seconds to be completed.

Edit Basic SAML Configuration

  1. In the Overview screen, choose Single sign-on in the sidebar.

  2. Select SAML.

  3. Click Edit alongside Basic SAML Configuration.

  4. Click Add identifier under Identifier (Entity ID).

  5. Insert one of the following, depending on the environment being configured:

    1. Sandbox: urn:amazon:cognito:sp:eu-central-1_T7VmNf7NL

    2. Production: urn:amazon:cognito:sp:eu-central-1_kQEOSHc18

  6. Click Add reply URL under Reply URL (Assertion Consumer Service URL).

  7. Insert one of the following, depending on the environment being configured:

    1. Sandbox: https://sandbox-temp-url.auth.eu-central-1.amazoncognito.com/saml2/idpresponse

    2. Production: https://production-temp-url.auth.eu-central-1.amazoncognito.com/saml2/idpresponse

  8. Click Save.

Configure Attributes & Claims

  1. For each claim:

    1. Click on the row.

    2. Empty the namespace field.

    3. Click Save.

  2. Take a screenshot of the Attributes & Claims view.
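A way to check the result of the Okta SAML settings and attribute statements, and of the namespace removal above, before sending anything to Translated. This is an added example, not Translated's or the IdP's own tooling; it inspects a decoded SAML assertion from your own test login for the sandbox values listed on this page. The function names and the sample assertion are constructed for illustration, and applying the Okta attribute names to Entra claims is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Sandbox values copied from this page.
EXPECTED_AUDIENCE = "urn:amazon:cognito:sp:eu-central-1_T7VmNf7NL"
EXPECTED_ACS = "https://sandbox-temp-url.auth.eu-central-1.amazoncognito.com/saml2/idpresponse"
REQUIRED_ATTRIBUTES = {"email", "givenname", "lastname", "name"}  # Okta attribute table

def check_assertion(xml_text, audience=EXPECTED_AUDIENCE, acs=EXPECTED_ACS):
    """List configuration problems in a decoded assertion (no signature verification)."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audience not in audiences:
        problems.append(f"audience mismatch: {audiences}")
    recipients = [c.get("Recipient") for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs not in recipients:
        problems.append(f"recipient mismatch: {recipients}")
    names = {a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)}
    for n in sorted(names):
        if "/" in n:  # a namespace prefix was left on the claim name
            problems.append(f"namespaced attribute: {n}")
    for missing in sorted(REQUIRED_ATTRIBUTES - names):
        problems.append(f"missing attribute: {missing}")
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS)
    if name_id.count("@") != 1 or not name_id.split("@")[1]:
        problems.append(f"NameID is not an email address: {name_id!r}")
    return problems

def constructed_assertion(attr_prefix=""):
    """Constructed, unsigned sample (not real IdP output); attr_prefix simulates a namespace."""
    attrs = "".join(
        f'<saml:Attribute Name="{attr_prefix}{n}">'
        '<saml:AttributeValue>x</saml:AttributeValue></saml:Attribute>'
        for n in sorted(REQUIRED_ATTRIBUTES))
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Subject><saml:NameID>jane@example.com</saml:NameID><saml:SubjectConfirmation>'
        f'<saml:SubjectConfirmationData Recipient="{EXPECTED_ACS}"/>'
        '</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    print(check_assertion(constructed_assertion()))
    print(check_assertion(constructed_assertion("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/")))
```

For the production environment, pass the production Audience URI and reply URL from this page as the `audience` and `acs` arguments.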

Get the App Federation Metadata URL

  1. Go to the SAML Certificates section.

  2. Copy the App Federation Metadata Url.

Send information to Translated

Send the following to Translated:

  • The screenshot of the Attributes & Claims view.

  • The App Federation Metadata Url.

We will do some configuration on our end, then let you know when you can continue.

Enable the app for your users

  1. In the sidebar, choose Users and groups.

  2. Click Add user/group.

  3. Proceed as appropriate.

Log in to TranslationOS

At this point, the added users need to log in to TranslationOS using their Okta email address to trigger the creation of various records on our end so that we can configure permissions and automatic permission assignment rules.

FAQ

When I try to access TranslationOS from my app list, it doesn’t work

TranslationOS SSO authentication can’t be initiated by the identity provider (IdP), i.e. by selecting the app in the list provided on the authentication platform. To log in to TranslationOS, you must visit it directly and log in from there.