This Help Center is a preview of a future release. The final Help Center will be available on the Validation date.

Single Sign-On

TraceLink Single Sign-On (SSO) and Company SSO enable users in your company to authenticate seamlessly across Tracelink apps, networks, and Links. When your company is enabled for either TraceLink SSO or Company SSO, newly added users are automatically provisioned with SSO access. If your company is not yet enabled for either option, contact Tracelink Support to enable SSO for your company and all associated users.

System Administrators can manage SSO settings for user accounts, including enabling, disabling, or verifying a user’s SSO status. Users added through Track & Trace Services (TTS) Company Administration will also inherit TraceLink SSO access if their company is enabled for Tracelink SSO or Company SSO.

  1. Select the Main Menu icon.

  2. Select Company Administration in the main menu.

  3. Select Single Sign-On Settings from the left menu.

  4. Select Sign-On Settings from the left menu.

  5. View the following information in the Single Sign-On Settings Details screen:
    1. General section – Selected authentication method, multi-factor authentication status, and session timeout duration. View the selected authentication method, multi-factor authentication status, and session timeout duration.
    2. Account Login Attempts section – Configured limit for failed login attempts, automatic account unlock timing, and unlock account status.
    3. Password Settings section – Password expiration status, expiration period, and restrictions on reusing previous passwords.
    4. Company Single Sign-On Settings section – Company’s SSO certificate and URL, along with the SP Entity ID and Assertion Consumer Service (ACS) or Redirect URL.

  6. Select the Edit button.

  7. Fill the following information in the General section:

    1. Authentication Method drop-down – The type of authentication required to log in to TraceLink.

      • Tracelink SSO – This is the default option. Authenticates users through the TraceLink’s SSO system.
      • Company SSO – Authenticates users through the company’s own SSO system.

    2. Multi-factor Authentication switch – A second layer of authentication when using Tracelink SSO for your company users. This switch is enabled only when you select Tracelink SSO from the Authentication Method drop-down.

      • Enabled – Multi-factor authentication is required for all users.
      • Disabled – Multi-factor authentication is explicitly disabled.
    3. Expire User Session After (Minutes) field – Specify the session timeout duration for users in your company.
  8. Fill the following information in the Account Login Attempts section. This section is enabled only when Tracelink SSO is selected in the Authentication Method drop-down.

    1. Failed Login Attempts Allowed field – Set the maximum number of failed login attempts before the account is locked.

    2. Auto-unlock Account After(minutes) field – Set the time interval after which a locked account is automatically unlocked.

    3. Auto-unlock Account After Specific Duration switch – Automatically unlocks user accounts after the specified duration.
      • Allowed – The account is automatically unlocked after the specified duration.
      • Not Allowed – The account remains locked; a password reset is required to regain access.

  9. Fill the following information in the Password Settings section. This section is enabled only when Tracelink SSO is selected in the Authentication Method drop-down.

    1. Password Auto Expires switch – Automatically expires user passwords after a defined period.

      • Enable – Passwords expire after the specified number of days.
      • Disable – Passwords do not expire.

    2. Password Expires After (days) field – Specify the number of days after which the password expires. This field is enabled only when the Password Auto Expires switch is set to Enabled.

    3. Restrict Reuse of Previous Passwords switch – Set whether to prevent users from reusing their previous passwords.

      • Enable – Restricts the reuse of previous passwords.
      • Disable – Allows users to reuse previously used passwords without restriction.

    4. Restrict reuse of This Number of previous passwords field – Set the number of previous passwords that cannot be reused. This field is enabled only when the Restrict Reuse of Previous Passwords switch is set to Enable.

  1. Fill the following fields in the Company Single Sign-On Settings section. This section is enabled only when Company SSO is selected in the Authentication Method drop-down.

    1. Single Sign-On Certificate field – Required. Enter your company’s single sign-on certificate in the provided text box.
    2. SP Entity ID field – Read-only field displaying the static value https://sso.tracelink.com/auth/realms/opus.
    3. Single Sign-On URL field – Required. Enter your company’s Single Sign-On URL in the provided text box.
    4. Assertion Consumer Service (ASC) OR Redirect URL field – Read-only field displaying the URL where the external IdP redirects the user and sends the SAML response after authentication.

  1. Select the Save button.

    The updated sign-on settings display in the results table.