Federated Single Sign On

Federated Single Sign-on allows an organization to integrate TPM with its own IDP (Identity Provider) so that its users log in to TPM with their organization credentials, rather than maintaining a separate TPM username and password specific to the TPM application.

When a federated user starts to log in to TPM, they are redirected to their organization's IDP for authentication (username, password). The IDP then sends a SAML response to the Textura SSO service (the SP, or Service Provider) indicating that the user is authenticated, together with the username / email. A Relying Party Trust relationship is set up beforehand between the SP and the IDP so the two systems can cooperate. The SP then creates a user session in TPM and redirects the user to TPM with the new session.

NOTE: TPM does not see or have access to the user's password. That is known only to the IDP.
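The following is an added illustration of the SP side of the exchange above; it is not Textura's code and does not describe how the Textura SSO service is implemented. It shows the checks a SAML Service Provider must perform on the IDP's response before creating a session: the response answers a request the SP actually issued, the IDP reported success, the assertion's issuer is the IDP configured in the Relying Party Trust, a signature is present, the validity window holds, the audience is this SP, and a NameID (the username / email) is present. Only the NameID reaches the application, which is why, as the note says, the password never leaves the IDP. The entity IDs, request ID, subject and the sample response are constructed placeholders; the signature check here only tests presence, since real XML-DSig verification against the IDP certificate from the trust needs a library such as xmlsec.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Relying Party Trust configuration. Entity IDs are constructed placeholders,
# not real Textura or customer values.
TRUST = {
    "idp_entity_id": "https://idp.example-org.invalid/saml",
    "sp_entity_id": "https://sso.example-sp.invalid/saml",
    "clock_skew": timedelta(minutes=2),
}


class SamlValidationError(Exception):
    """Raised when the SAML response must not be turned into a TPM session."""


def _utc(ts: str) -> datetime:
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps SAML uses."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_saml_response(xml_text: str, expected_request_id: str,
                           now: datetime, trust: dict = TRUST) -> dict:
    """Check what an SP must verify before creating a session.
    Returns the authenticated subject (username / email) and issuer on success."""
    root = ET.fromstring(xml_text)  # production code should parse with defusedxml
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise SamlValidationError("not a samlp:Response")
    # 1. The response must answer the AuthnRequest this SP actually issued.
    if root.get("InResponseTo") != expected_request_id:
        raise SamlValidationError("InResponseTo does not match a pending request")
    # 2. The IDP reported a successful authentication.
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise SamlValidationError("IDP did not report success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise SamlValidationError("no assertion present")
    # 3. The assertion came from the IDP configured in the trust.
    issuer = assertion.findtext("saml:Issuer", namespaces=NS)
    if issuer != trust["idp_entity_id"]:
        raise SamlValidationError(f"untrusted issuer {issuer!r}")
    # 4. A signature must be present. Presence only: a real SP verifies the
    #    XML-DSig against the IDP certificate from the trust (e.g. via xmlsec).
    if assertion.find("ds:Signature", NS) is None and root.find("ds:Signature", NS) is None:
        raise SamlValidationError("unsigned response")
    # 5. Validity window, with a small tolerance for clock drift.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("no Conditions element")
    skew = trust["clock_skew"]
    if now < _utc(cond.get("NotBefore")) - skew or now >= _utc(cond.get("NotOnOrAfter")) + skew:
        raise SamlValidationError("assertion outside its validity window")
    # 6. The assertion was minted for this SP, not for some other relying party.
    audience = cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != trust["sp_entity_id"]:
        raise SamlValidationError(f"audience {audience!r} is not this SP")
    # 7. The identity TPM maps to a user; no password is ever present here.
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SamlValidationError("no NameID in subject")
    return {"subject": name_id, "issuer": issuer}


# Constructed sample response, shaped like what an IDP posts back to the SP.
# The Signature element is a placeholder that only exercises the presence check.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_resp1" InResponseTo="_req42" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>{TRUST['idp_entity_id']}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>jane.doe@example-org.invalid</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{TRUST['sp_entity_id']}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# Constructed "current time" values: one inside the assertion's window, one an hour late.
SAMPLE_NOW = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)
STALE_NOW = datetime(2024, 5, 1, 13, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(validate_saml_response(SAMPLE_RESPONSE, "_req42", SAMPLE_NOW))
```

Each rejection maps to a distinct failure the trust is meant to prevent: a mismatched InResponseTo or audience means an assertion issued for another request or another relying party is being replayed here, and a stale validity window means an old assertion is being reused. In all of these cases the SP must refuse to create the TPM session.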