This guide refers to using SSO to authenticate access to your endpoints. You cannot use these instructions to set up SSO for logging into your ngrok account in the dashboard.
- Restrict access to ngrok tunnels only to users authenticated via Wallix Trustelem
- Use Wallix Trustelem security policies and MFA authenticators
- Use Wallix Trustelem’s Dashboard to facilitate access to ngrok apps
What you’ll need
- A Wallix Trustelem account with administrative rights to create apps.
- An ngrok Enterprise account with an authtoken or admin access to configure edges with SAML.
1. Configure Wallix Trustelem
- Access the WALLIX Trustelem administration console and sign in using your Trustelem account.
- On the Dashboard page, click Apps on the left menu, click Add an application and click the SAML 2 application tile in the Generic models section.
- On the Settings popup, enter
ngrok samlin the Name field, click Save, click Download metadata files, save the XML file on your desktop, and then click Close.
2. Configure ngrok
To configure an edge with Wallix Trustelem:- Access the ngrok Dashboard and sign in using your ngrok account.
- On the left menu, click Universal Gateway and then click Edges.
- If you don’t have an edge already set to add Wallix Trustelem SSO, create a test edge:
- Click + New Edge.
- Click Create HTTPS Edge.
- Click the pencil icon next to “no description”, enter
Edge with Trustelem SSO SAMLas the edge name, and click Save.
- On the edge settings menu, click SAML.
- On the SAML page, click Begin setup, click Upload XML, and then open the XML metadata file you downloaded from Wallix Trustelem (See Configure Wallix Trustelem).
- Click Save at the top.
- On the SAML page of your ngrok edge, make note of the URL of both the Entity ID and ACS URL fields.
3. Link Wallix Trustelem with ngrok
- On the WALLIX Trustelem administration console, click Apps on the left menu, and then click your application.
- On the Settings popup, click Edit, paste the Entity ID URL in the EntityID field and the ACS URL URL in the Assertion Consumer Service field. You copied both URLs from the previous step.
- Click Save.
4. Start a tunnel
-
Access the ngrok edges page, click your edge, and then click Start a tunnel.
This step assumes you have an app running locally (for example, on
localhost:3000) with the ngrok client installed. - Click the copy icon next to the tunnel command.
-
Launch a tunnel:
- Launch a terminal.
- Paste the command but replace
http://localhost:80with your localhost app address (such ashttp://localhost:3000). - Press Enter and an ngrok tunnel associated with your edge configuration will launch.
-
To confirm that the tunnel is connected to your edge:
- Return to the ngrok dashboard.
- Close the Start a tunnel and the Tunnel group tabs.
- Refresh the test edge page. Under traffic, you will see the message You have 1 tunnel online. Start additional tunnels to begin load balancing.
- In the test edge, copy the endpoint URL. You use this URL to test the Wallix Trustelem authentication.
Grant access to Wallix Trustelem users
Wallix Trustelem allows their users to access SAML-integrated apps. To create a user, follow the instructions below:- On the left menu of the WALLIX Trustelem administration console, click Users and then click Create User.
- Enter values for First Name, Last Name, and Primary Email fields, and then click Save.
Test the integration
- In your browser, launch an incognito window.
- Access your ngrok tunnel (for example,
https://trustelem-sso-test.ngrok.appor using the copied endpoint URL). - You should be prompted to log in with your Wallix Trustelem credentials.
- After logging in, you should be able to see your web app.