# Trusona ### **Configure Keeper for Trusona Integration** {% hint style="success" %} Please complete the steps in the [Admin Console Configuration](https://docs.keeper.io/en/sso-connect-cloud/admin-console-configuration) section first. {% endhint %} Visit the [Keeper Admin Console](https://keepersecurity.com/console) and login as the Keeper Administrator. (US / Global)\ (EU-hosted customers)\ (AU-hosted customers)\ (GovCloud customers) {% hint style="success" %} Note: Passwordless integration can only be applied to specific nodes (e.g. organizational units) within your Admin Console. {% endhint %} 1\) Click on the **Admin** tab and click **Add Node** 2\) Name the node and click **Add Node** ![Create a node for Trusona in the Keeper Admin](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FCZaLQOM0ZUnqLBNkAjlG%2FTrusona-Keeper-Add-Node.gif?alt=media\&token=c927acb5-bf35-411e-b03c-1329ad21978f) 3\) From the **Provisioning** tab, click **Add Method** 4\) Select **Single Sign-On with SSO Connect™ Cloud** and click **Next** 5\) Enter your **Configuration Name** and **Enterprise Domain**, then click **Save**. Take note of the Enterprise Domain. This will be used later for Enterprise SSO login. ![Configure Trusona for Single Sign-On with SSO Connect™ Cloud](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FFADvaNSyfdnOCdWLCm1t%2FKeeper-Trusona-Add-SSO-Connect-Cloud.gif?alt=media\&token=3507a2b1-f1ac-40fd-8f82-0d2dd772481d) 6\) The newly-created SAML 2.0 with Cloud SSO Connect provisioning method will be visible. Select **View** from the menu. {% hint style="info" %} These items will be used when configuring Trusona later in the documentation. {% endhint %} ![View Trusona Provisioning Settings](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FkbFt9YkD8fkF2nfmhE9s%2Fimage.png?alt=media\&token=f3c63775-2aa6-4ba7-b0f8-50cbb971da04) 7\) Note the **Entity ID, Assertion Consumer Service (ACS) Endpoint and Single Logout Service Endpoint** 8\) Click **Export SP Cert** ![Note the highlighted fields and Export SP Cert](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FnKx9FUcvqKQYm3WmdMNT%2Fimage.png?alt=media\&token=3ce91fa2-18e6-4d03-a160-2187aff57073) ### Configure **Trusona** 1\) Log into the Trusona Dashboard at scanning the QR code from your mobile device using the Trusona app for [iOS](https://apps.apple.com/us/app/trusona/id1052983449) or [Android](https://play.google.com/store/apps/details?id=com.trusona.trusona\&hl=en_US\&gl=US). ![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FliuNPZwbrNK6e3PLTMiz%2FTrusona-Login.png?alt=media\&token=71b45365-36e0-4131-b2a9-19a47e840e4d) #### Create Keeper Integration in Trusona 2\) From your Trusona account dashboard, select **Keeper** from the left-hand navigation. 3\) Click **Create Keeper Integration**. 4\) Name the integration and click **Save**. 5\) Click **Download XML** to download the XML metadata for use in the Keeper Admin Console. ![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FF4zLxVEE3IeceDooHGFS%2FTrusona-Setup.gif?alt=media\&token=e8e17e74-e6e7-4bd3-9a17-bf5108854df0) 6\) Select **Keeper** on the left-hand navigation. 7\) Click **Edit** from the **Actions** dropdown menu for your integration. ![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FPm3UcQFD8GtlYETMkHk4%2Fimage.png?alt=media\&token=55fbf37e-f6ee-494b-96b9-caa4cb98acf8) 8\) Paste the following information noted earlier in the documentation when creating the integration in the Keeper Admin Console in the corresponding field: * **Assertion Consumer Service (ACS) Endpoint** * **IDP Initiated Login Endpoint** * **Single Logout Service (SLO) Endpoint** 9\) Under **Certificate**, upload the SP Cert exported from the Keeper Admin Console and Click Save. ![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FEsbdbxZeGbgVGNbvPTqw%2Fimage.png?alt=media\&token=5c8ea5bc-5ed2-4c33-a5f6-e196eb333974) 10\) Return to the Keeper Admin Console 11\) Optionally enable **Just-In-Time Provisioning** to allow users to create accounts in the node by typing in the Enterprise Domain name when signing up. 12\) Under **SAML Metadata**, upload the metadata.xml file downloaded from the Trusona dashboard. 13\) Under **Identity Provider Attribute Mappings**, enter the following: * **First Name:** given\_name * **Last Name:** name * **Email:** ![](https://2503956294-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MB_i6vKdtG6Z2n6zWgJ%2Fuploads%2FoxKq8pc7svw82tqoQOc4%2Fimage.png?alt=media\&token=ca5a5489-3269-461a-851b-650bc1e0bef9) ### **User Provisioning** Instructions on how to provision users with SSO Connect Cloud can be found [here](https://docs.keeper.io/en/sso-connect-cloud/end-user-login-flow). ### End User Login Users may login either using their enterprise domain or email address. #### **Login Using Email Address** 1. Navigate to the Keeper Vault 2. Enter your email address and click **Next** 3. From your Trusona app on your smart device, scan the QR code on your desktop browser 4. You will now be logged in to your Keeper vault **Login Using Enterprise Domain** 1. Navigate to the Keeper Vault 2. Click the **Enterprise SSO Login** dropdown and select **Enterprise Domain** 3. Enter the Enterprise Domain name you specified in the Keeper portion of this walkthrough and click **Connect** 4. From your Trusona app on your smart device, scan the QR code displayed on your desktop browser 5. You will now be logged in to your Keeper vault