Single Sign-On is a TestRail Enterprise feature. Please contact us to upgrade your license to the Enterprise product tier to access this functionality.
TestRail’s SSO integration allows administrators to enforce security policies to help ensure users’ credentials aren’t lost, stolen, or reused. TestRail lets you integrate with your preferred SSO identity provider (IDP) using SAML 2.0, OAuth 2.0, and OpenID Connect protocols. In practice, this means that the management of users can be streamlined by creating them once in the IDP and then providing them with access to whichever applications are required by the user – TestRail, in this case.
Once configured, TestRail SSO will automatically authenticate new users that have been authorized to use TestRail in the IDP. This means that testers can login once, and get on with their work, and administrators no longer need to concern themselves with the day to day management of users in TestRail.
You can enable SSO by navigating to Administration > Site Settings > SSO, choosing your preferred protocol, and filling out the required settings. You can use the SSO configuration page to integrate with any identity provider that supports SAML 2.0, OAuth 2.0, or OpenID Connect.
The following guides can help you configure your preferred SSO protocol:
- OAuth 2.0 – Azure
- OAuth 2.0 – Google
- OAuth 2.0 – Okta
- OpenID Connect – Azure
- OpenID Connect – Google
- OpenID Connect – Okta
- SAML 2.0 – Azure
- SAML 2.0 – Google
- SAML 2.0 – Okta
With SSO configured, you have some additional options for managing your users:
- Choose which users have SSO enabled by editing the user accounts. This option is available when editing users individually, or in bulk.
- Manage users in your SSO identity provider and have TestRail automatically create users if they are successfully authenticated, forcing them to login using their SSO identity. This option is available when configuring Single Sign On.
- When logging in, users can choose one of these options:
- Continuing to login with their TestRail credentials in addition to the SSO login.
- TestRail forces users to login with the integrated SSO Identity Provider.
This option is available when configuring single sign-on.
If you deactivate users in your IDP, you should also deactivate them inside TestRail. User statuses (active/inactive) are not synchronized between TestRail and your IDP.