Federate with Trimble Identity to simplify user account management and login
Trimble® Identity, or TID, is a way for users to log in to all things Trimble. Managing multiple logins across different platforms and applications can be a cumbersome task for administrators and users. For organizations with their own domain, this is where federation with Trimble Identity (TID) comes into play.
By federating your organization's identity provider (IdP) with Trimble Identity, you can streamline the login process for your users, ensuring a seamless and secure experience across Trimble applications. In this guide, we will walk you through the process of federating with Trimble Identity.
Understanding the benefits of federation
Federation is beneficial to organizations for a number of reasons:
- Single Sign-On (SSO): Users can log in once and gain access to multiple applications without needing to re-enter credentials
- Ease of setup: Users can sign in to Trimble apps they are given access to without needing to create a Trimble Identity account
- Enhanced security: Centralized authentication reduces the risk of password-related security breaches. Organizations can enforce their own security policies
- Improved user experience: Simplifies the login process, reducing the need for password management and increasing productivity
Federating with Trimble Identity
The following steps provide an overview of the process to federate with Trimble Identity. Commonly supported identity providers (IdPs) for Trimble Identity federations include, but are not limited to:
- Auth0
- Microsoft Entra AD (formerly Azure Active Directory (AD))
- Microsoft Active Directory Federation Service (ADFS)
- Google Cloud Identity Platform
- Okta
We recommend you contact your Trimble partner to assist you with this process if required. It can take some time to process federation requests; please ensure that you begin the process as soon as you are able.
1. Prepare your environment
To federate with Trimble Identity, ensure your organization has:
- An identity provider that supports SAML 2.0 or OpenID Connect
- Administrative access to your IdP's configuration settings
- Administrative access to your organization’s DNS configuration
2. Request federation from Trimble
Complete the Trimble ID federation form. The form requests the following information:
- Main contact(s) name and email. This must include a technical contact who has admin access to the customer’s identity provider (IdP).
- Test user account(s) [1]
- Domain(s) to be federated
- Identity Provider used (IdP)
- Protocol used
- Does the IdP verify that email addresses in the claimed domain(s) exist?
- Does the customer enforce multi-factor authentication (MFA)?
Once completed, you will receive a follow-up email advising on the next steps.
3. Validate domain ownership
- Next, Trimble will send you a key to validate your domain. Add this key as a TXT record on your DNS server
- Trimble will validate the domain by verifying TXT records before continuing
4. Create federation
The configuration process may vary depending on your IdP. Below are the general steps:
- Trimble will send you the Reply or Redirect URL depending on your protocol
- Access your IdP configuration panel and update with the information received from Trimble
5. Provide configuration details to Trimble
Depending on your protocol, send Trimble either the metadata and attribute mapping, or the issuer URL, client key and secret key.
6. Trimble configures the federation
Trimble will use the information you provided to update the federation on their end.
7. Test the federation
Before rolling out federation to all users, it is essential to test the configuration. Trimble will have associated the test users you provided earlier with the federated IdP.
- Initiate a test login: Instruct test users to sign in to the My Profile page using their organization email address. This step validates that the end-to-end login process is functioning as expected.
- Verify product access: Ensure that the user can successfully access their Trimble products without encountering license errors or access issues.
- Resolve any issues: Address any errors or misconfigurations identified during testing.
8. Arrange go live
Provide Trimble with the date and time at which federation should be enabled for the entire domain.
Note: Trimble may have a specific day of the week on which federation is enabled and will communicate this with you.
9. Roll out to users
Once Trimble has enabled the federation, you can roll out to your users:
- Communicate the change: Inform your users about the new login process and provide any necessary instructions
- Monitor the rollout: Keep an eye on the rollout and be ready to address any issues or questions from users
- Provide support: Ensure that support resources are available to assist users with any login issues
Note: Once your domain is federated, all users who log in to TID with an email address in that domain will use the federated IdP.
Conclusion
Federating with Trimble Identity can greatly enhance the user experience and security for your organization. By following these steps, you can ensure a smooth and successful federation process. For more detailed instructions and support, visit the Trimble Help Portal or contact your Trimble partner.
Disclaimer: The above steps provide a general overview of the federation process. Specific configuration details may vary based on your identity provider and organizational requirements.
[1] These accounts should be employees who have access to the relevant Trimble products but will not be greatly impacted should any issues arise.