🔑 Integrating Your Identity Provider

This guide outlines how IT administrators can integrate an identity provider (IDP), such as Okta or Entra ID (Azure AD), with Trusst AI.

You’ll need to configure an application in your IDP, set up role-based groups matching exactly those specified in Trusst AI Roles and Permissions, and expose these groups in the ID token.


Step 1: Create Security Groups for Roles

Create security groups in your IDP exactly matching these roles:

  • trusst_ai_viewer

  • trusst_ai_evaluator

  • trusst_ai_prompt_admin

  • trusst_ai_agent_admin

  • trusst_ai_app_admin

Okta:

  • Directory → Groups → Add Group → (Role name)

Entra ID:

  • Azure AD → Groups → New group → Security → (Role name)


Step 2: Assign Users to Role Groups

Assign users to the groups representing their required roles.

Okta:

  • Directory → Groups → (Role group) → People → Assign People

Entra ID:

  • Azure AD → Groups → (Role group) → Members → Add Members


Step 3: Register Trusst AI Application

Register a new OIDC web application for Trusst AI.

Okta:

  • Applications → Create App Integration → OIDC → Web Application

  • Sign-in redirect URI: https://trusstai.au.auth0.com/login/callback

Entra ID:

  • Azure AD → App registrations → New Registration

  • Redirect URI: https://trusstai.au.auth0.com/login/callback

Note: Auth0 Client ID and Application ID URI, if required, are provided securely by your Trusst AI integration contact.


Step 4: Assign Role Groups to the Application

Assign the role groups created in Step 1 to the Trusst AI application.

Okta:

  • Applications → (Trusst AI App) → Assignments → Assign to Groups

Entra ID:

  • Enterprise Applications → (Trusst AI App) → Users and groups → Add user/group


Step 5: Configure Group Claims in ID Token

Expose group claims (roles) in the authentication token.

Okta:

  • Applications → (Trusst AI App) → Sign On → OpenID Connect ID Token → Edit

  • Groups claim type: Filter

  • Filter: Starts with → trusst_ai

Entra ID:

  • Azure AD → App registrations → (Trusst AI App) → Token configuration → Add groups claim → Security groups


Step 6: Complete Integration and Verification

Notify your Trusst AI contact once setup is complete. Verify login with a user assigned to one or more role groups.

See Trusst AI Roles and Permissions for detailed role definitions.
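
For the verification in Step 6, an administrator can inspect an ID token captured during a test login and confirm that the group claim from Step 5 carries the exact role names from Step 1. The Python script below is an added example, not part of Trusst AI's tooling; the claim name groups, the function names and the sample token are assumptions made for illustration. It also reports GUID-shaped values separately, because Entra ID emits group object IDs rather than group names in the groups claim by default.

```python
import base64
import json
import re

# Role group names from Step 1 of this guide.
EXPECTED_ROLES = {
    "trusst_ai_viewer", "trusst_ai_evaluator", "trusst_ai_prompt_admin",
    "trusst_ai_agent_admin", "trusst_ai_app_admin",
}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def _b64url(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_group_claim(id_token: str, claim: str = "groups") -> dict:
    """Classify group claim values. Inspection only: the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    values = json.loads(_b64url(parts[1])).get(claim) or []
    if isinstance(values, str):
        values = [values]
    report = {"roles": [], "misnamed": [], "object_ids": [], "other": []}
    for v in values:
        if not isinstance(v, str):
            report["other"].append(v)
        elif v in EXPECTED_ROLES:
            report["roles"].append(v)
        elif v.lower().startswith("trusst_ai"):
            report["misnamed"].append(v)    # looks like a role group, name not exact
        elif GUID.match(v):
            report["object_ids"].append(v)  # an ID was emitted instead of a name
        else:
            report["other"].append(v)
    # Pass only if at least one exact role name is present and none is misnamed.
    report["ok"] = bool(report["roles"]) and not report["misnamed"]
    return report


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token for offline testing only.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"none"}'), enc(json.dumps(claims).encode()), "sig"])


if __name__ == "__main__":
    sample = make_sample_token({"sub": "test-user", "groups": ["trusst_ai_viewer"]})
    print(inspect_group_claim(sample))
```
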

Contact Trusst AI support if assistance is required.
