Skip to main content

Documentation Index

Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

This guide refers to using SSO to authenticate access to your endpoints. You cannot use these instructions to set up SSO for logging into your ngrok account in the dashboard.
This guide walks you through configuring Wallix Trustelem as the primary Identity Provider for ngrok tunnels using single sign-on (SSO). By integrating Wallix Trustelem SSO with ngrok, you can:
  • Restrict access to ngrok tunnels only to users authenticated via Wallix Trustelem
  • Use Wallix Trustelem security policies and MFA authenticators
  • Use Wallix Trustelem’s Dashboard to facilitate access to ngrok apps

What you’ll need

  • A Wallix Trustelem account with administrative rights to create apps.
  • An ngrok Pay-as-you-go account with an authtoken or admin access to configure endpoints with SAML.

1. Configure Wallix Trustelem

  • Access the WALLIX Trustelem administration console and sign in using your Trustelem account.
  • On the Dashboard page, click Apps on the left menu, click Add an application and click the SAML 2 application tile in the Generic models section.
  • On the Settings popup, enter ngrok saml in the Name field, click Save, click Download metadata files, save the XML file on your desktop, and then click Close.

2. Configure ngrok

The SAML Traffic Policy action is currently in developer preview. Request access to configure SAML via Traffic Policy.
Once you have developer preview access, create a policy.yaml file with the following content, replacing YOUR_IDP_METADATA_XML with the IdP metadata XML from Wallix Trustelem: 
on_http_request:
  - actions:
      - type: saml
        config:
          idp_metadata: 'YOUR_IDP_METADATA_XML'
The SAML action generates your ngrok SP Entity ID and ACS URL based on your endpoint URL. Refer to the SAML action documentation for how to retrieve these values to complete your IdP configuration.
  • On the WALLIX Trustelem administration console, click Apps on the left menu, and then click your application.
  • On the Settings popup, click Edit, paste the SP Entity ID in the EntityID field and the ACS URL in the Assertion Consumer Service field. Retrieve both values from the SAML action documentation (see Configure ngrok).
  • Click Save.

4. Start a tunnel

This step assumes you have an app running locally (for example, on localhost:3000) with the ngrok client installed.
Run the following command, replacing 3000 with your local web app port and YOUR_DOMAIN with your ngrok domain: 
ngrok http 3000 --traffic-policy-file policy.yaml --url YOUR_DOMAIN
Copy the URL next to Forwarding. You use this URL to test the Wallix Trustelem authentication.

Grant access to Wallix Trustelem users

Wallix Trustelem allows their users to access SAML-integrated apps. To create a user, follow the instructions below:
  • On the left menu of the WALLIX Trustelem administration console, click Users and then click Create User.
  • Enter values for First Name, Last Name, and Primary Email fields, and then click Save.

Test the integration

  • In your browser, launch an incognito window.
  • Access your ngrok tunnel (for example, https://trustelem-sso-test.ngrok.app or using the copied endpoint URL).
  • You should be prompted to log in with your Wallix Trustelem credentials.
  • After logging in, you should be able to see your web app.