# Trusona

### **Configure Keeper for Trusona Integration**

{% hint style="success" %}
Please complete the steps in the [Admin Console Configuration](/en/sso-connect-cloud/admin-console-configuration.md) section first.
{% endhint %}

Visit the [Keeper Admin Console](https://keepersecurity.com/console) and login as the Keeper Administrator.

<https://keepersecurity.com/console> (US / Global)\
<https://keepersecurity.eu/console> (EU-hosted customers)\
<https://keepersecurity.com.au/console> (AU-hosted customers)\
<https://govcloud.keepersecurity.us/console> (GovCloud customers)

{% hint style="success" %}
Note: Passwordless integration can only be applied to specific nodes (e.g. organizational units) within your Admin Console.
{% endhint %}

1\) Click on the **Admin** tab and click **Add Node**

2\) Name the node and click **Add Node**

![Create a node for Trusona in the Keeper Admin](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FCZaLQOM0ZUnqLBNkAjlG%2FTrusona-Keeper-Add-Node.gif?alt=media\&token=c927acb5-bf35-411e-b03c-1329ad21978f)

3\) From the **Provisioning** tab, click **Add Method**

4\) Select **Single Sign-On with SSO Connect™ Cloud** and click **Next**

5\) Enter your **Configuration Name** and **Enterprise Domain**, then click **Save**. Take note of the Enterprise Domain. This will be used later for Enterprise SSO login.

![Configure Trusona  for Single Sign-On with SSO Connect™ Cloud](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FFADvaNSyfdnOCdWLCm1t%2FKeeper-Trusona-Add-SSO-Connect-Cloud.gif?alt=media\&token=3507a2b1-f1ac-40fd-8f82-0d2dd772481d)

6\) The newly-created SAML 2.0 with Cloud SSO Connect provisioning method will be visible. Select **View** from the menu.

{% hint style="info" %}
These items will be used when configuring Trusona later in the documentation.
{% endhint %}

![View Trusona Provisioning Settings](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FkbFt9YkD8fkF2nfmhE9s%2Fimage.png?alt=media\&token=f3c63775-2aa6-4ba7-b0f8-50cbb971da04)

7\) Note the **Entity ID, Assertion Consumer Service (ACS) Endpoint and Single Logout Service Endpoint**

8\) Click **Export SP Cert**

![Note the highlighted fields and Export SP Cert](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FnKx9FUcvqKQYm3WmdMNT%2Fimage.png?alt=media\&token=3ce91fa2-18e6-4d03-a160-2187aff57073)

### Configure **Trusona**

1\) Log into the Trusona Dashboard at <https://dashboard.trusona.com/> scanning the QR code from your mobile device using the Trusona app for [iOS](https://apps.apple.com/us/app/trusona/id1052983449) or [Android](https://play.google.com/store/apps/details?id=com.trusona.trusona\&hl=en_US\&gl=US).

![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FliuNPZwbrNK6e3PLTMiz%2FTrusona-Login.png?alt=media\&token=71b45365-36e0-4131-b2a9-19a47e840e4d)

#### Create Keeper Integration in Trusona

2\) From your Trusona account dashboard, select **Keeper** from the left-hand navigation.

3\) Click **Create Keeper Integration**.

4\) Name the integration and click **Save**.

5\) Click **Download XML** to download the XML metadata for use in the Keeper Admin Console.

![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FF4zLxVEE3IeceDooHGFS%2FTrusona-Setup.gif?alt=media\&token=e8e17e74-e6e7-4bd3-9a17-bf5108854df0)

6\) Select **Keeper** on the left-hand navigation.

7\) Click **Edit** from the **Actions** dropdown menu for your integration.

![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FPm3UcQFD8GtlYETMkHk4%2Fimage.png?alt=media\&token=55fbf37e-f6ee-494b-96b9-caa4cb98acf8)

8\) Paste the following information noted earlier in the documentation when creating the integration in the Keeper Admin Console in the corresponding field:

* **Assertion Consumer Service (ACS) Endpoint**
* **IDP Initiated Login Endpoint**
* **Single Logout Service (SLO) Endpoint**

9\) Under **Certificate**, upload the SP Cert exported from the Keeper Admin Console and Click Save.

![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FEsbdbxZeGbgVGNbvPTqw%2Fimage.png?alt=media\&token=5c8ea5bc-5ed2-4c33-a5f6-e196eb333974)

10\) Return to the Keeper Admin Console

11\) Optionally enable **Just-In-Time Provisioning** to allow users to create accounts in the node by typing in the Enterprise Domain name when signing up.

12\) Under **SAML Metadata**, upload the metadata.xml file downloaded from the Trusona dashboard.

13\) Under **Identity Provider Attribute Mappings**, enter the following:

* **First Name:** given\_name
* **Last Name:** name
* **Email:** <http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress>

![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FoxKq8pc7svw82tqoQOc4%2Fimage.png?alt=media\&token=ca5a5489-3269-461a-851b-650bc1e0bef9)

### **User Provisioning**

Instructions on how to provision users with SSO Connect Cloud can be found [here](/en/sso-connect-cloud/end-user-login-flow.md).

### End User Login

Users may login either using their enterprise domain or email address.

#### **Login Using Email Address**

1. Navigate to the Keeper Vault
2. Enter your email address and click **Next**
3. From your Trusona app on your smart device, scan the QR code on your desktop browser
4. You will now be logged in to your Keeper vault

**Login Using Enterprise Domain**

1. Navigate to the Keeper Vault
2. Click the **Enterprise SSO Login** dropdown and select **Enterprise Domain**
3. Enter the Enterprise Domain name you specified in the Keeper portion of this walkthrough and click **Connect**
4. From your Trusona app on your smart device, scan the QR code displayed on your desktop browser
5. You will now be logged in to your Keeper vault


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/en/sso-connect-cloud/passwordless-providers/trusona.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.