TOTVS Identity Integration

This chapter explains how to enable the integration with TOTVS Identity.

TOTVS Identity is the official identity provider (IDP) solution for TOTVS. It helps customers solve two main problems:

  • Centralize the management of users (adding/removing users).
  • Simplify the user's life by unifying all passwords into a single one.

Configuring TOTVS Identity

The first thing we need to do is to make sure we have an application on TOTVS Identity related to Carol. An application on TOTVS Identity will point to a single organization, providing the authentication to all environments and applications under this organization.

The following screenshots show what the configuration should look like:


The login tab requires more attention, and the following configuration must be provided:

Login Mode: SAML
SSO Init Type: SP_INITIATED
Binding: HTTP_REDIRECT
Login Page URL: https://{domain}.carol.ai/samlAuth/
Assertion Consumer URL: https://{domain}.carol.ai/api/v1/saml/ACS?orgSubdomain={domain}
Recipient: https://{domain}.carol.ai/api/v1/saml/ACS?orgSubdomain={domain}
Audience: https://{domain}.carol.ai/api/v1/saml/ACS?orgSubdomain={domain}
Name Id Format: Email Address
Sign Response: Yes
Encrypt Response: No
Assertion Signature: Yes
SP Issuer Name: Carol
User Id Mapping: User Email

Replace {domain} with your organization name (the domain of your Carol environment).
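To confirm that a login response matches the login-tab settings above, the following added example (not part of the original Carol documentation) checks a base64-decoded SAML Response for the expected Recipient, Audience, Name Id Format and signature elements. The function names, the `acme` domain, the sample XML and the mapping of "Email Address" to the standard SAML emailAddress URI are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # assumed URI for "Email Address"


def check_response(xml_text, domain):
    """Return the mismatches between a decoded SAML Response and the login-tab settings."""
    # Checks element presence and values only; it does not verify signatures cryptographically.
    acs = f"https://{domain}.carol.ai/api/v1/saml/ACS?orgSubdomain={domain}"
    root = ET.fromstring(xml_text)
    problems = []
    if root.find("ds:Signature", NS) is None:
        problems.append("Sign Response: Yes, but the Response has no Signature element")
    if root.find("a:EncryptedAssertion", NS) is not None:
        problems.append("Encrypt Response: No, but an EncryptedAssertion is present")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion to inspect"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion Signature: Yes, but the Assertion has no Signature element")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("Name Id Format is not Email Address")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs:
        problems.append("Recipient does not match " + acs)
    audiences = [e.text for e in assertion.findall("a:Conditions/a:AudienceRestriction/a:Audience", NS)]
    if acs not in audiences:
        problems.append("Audience does not match " + acs)
    return problems


def sample_response(domain, signed_assertion=True):
    """Constructed sample, not a real TOTVS Identity response; Signature elements are empty stubs."""
    acs = f"https://{domain}.carol.ai/api/v1/saml/ACS?orgSubdomain={domain}"
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    return (
        '<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion">' + sig +
        "<a:Assertion>" + (sig if signed_assertion else "") +
        f'<a:Subject><a:NameID Format="{EMAIL_FORMAT}">user@example.com</a:NameID>'
        f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/>'
        "</a:SubjectConfirmation></a:Subject>"
        f"<a:Conditions><a:AudienceRestriction><a:Audience>{acs}</a:Audience>"
        "</a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"
    )

if __name__ == "__main__": print(check_response(sample_response("acme"), "other"))
```

An empty list means the response is consistent with the settings; a response issued for one {domain} and checked against another reports both the Recipient and the Audience mismatch.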

Enabling the TOTVS Identity in Carol

Enabling TOTVS Identity in Carol starts at the organization level. First, go to Organization Settings, as shown in the following screenshot:


You need to copy the Token from the TOTVS Identity application, as shown in the following screenshot:


Provisioning users

Carol provisions users automatically during login if the user does not yet exist in Carol.

In the previous topic, we enabled the provisioning of new users (Just in Time), which means that Carol will sync all users and create those users in Carol.

This process runs automatically every night. Its main goal is to make all users available in Carol so that we can review each user's access and permissions to environments.

In Carol, we can manage the user's environments when maintaining the user, as shown in the following screenshot:


Disabling TOTVS Identity

When the TOTVS Identity integration is enabled, all logins go through TOTVS Identity. If we need to disable the integration, we must log in to Carol as Organization Admin from this URL:

https://poffo.carol.ai/carol-org/

After that we can uncheck the configuration that enables the integration with TOTVS Identity:
