Step by Step – TrustedDialog MFA and SSO with PhenixID Authentication Services


This document will guide you through the steps to enable multi-factor authentication and SSO for TrustedDialog (

System Requirements

  • PhenixID Authentication Server 2.0 or higher
  • TrustedDialog SAML SP Metadata XML file


Configure PhenixID Authentication Services as Identity Provider

  1. Setup PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here)
  2. Fetch the mail, displayName and userID attributes from the user store. Attribute names may differ depending on user store type.
    For Active Directory, sAMAccountName is the userID attribute to fetch
  3. Go to Scenarios->Federation-><YOUR_IDP>->Execution Flow
  4. Make the following adjustments:
    1. Rename the properties to OID-values in the Execution Flow:
      userID (sAMAccountName) -> urn:oid:0.9.2342.19200300.100.1.1
      mail -> urn:oid:0.9.2342.19200300.100.1.3
      displayName -> urn:oid:2.16.840.1.113730.3.1.241
    2. Use the OID properties in the AssertionProvider config.
      – userID OID as nameID
      – All OIDs above as additional attributes

  5. Save.
  6. Go to Scenarios->Federation-> <newly_added_scenario> -> Identity Provider. Deselect “Require signed requests”.
  7. Save.
  8. Then export your SAML IdP metadata by going to the URL:
    and download the metadata to a xml file.
  9. Open the SAML IdP metadata xml file in a text editor
  10. Strip out the tags EntitiesDescriptor (both start and end tag) and Signature.
    The xml should now start with this:
    <?xml version=”1.0″ encoding=”UTF-8″?><md:EntityDescriptor…..

    and end with:


  11. Save the SAML IdP metadata xml file metadata file.

Configure TrustedDialog

  1. Distribute the SAML IdP metadata xml file to the TrustedDialog system administrator.
  2. The TrustedDialog system administrator will now configure TrustedDialog to connect to PhenixID Authentication Services SAML Identity Provider.
  3. [Optional] If TrustedDialog is to be added as a portal item in MyApps, the TrustedDialog administrator must provide the TrustedDialog start logon URL.

Add TrustedDialog as Service Provider in PhenixID Authentication Services

  1. Login to configuration manager
  2. Open Scenarios->Federation->SAML Metadata upload
  3. Click the plus sign
  4. Add TrustedDialog SAML SP Metadata by uploading the TrustedDialog SAML SP Metadata.

Optional: Add TrustedDialog as portal item in PhenixID MyApps portal

  1. Add an additional item to MyApps using this instruction:
  2. Populate new item with these values:
    1. URL = <TrustedDialog start logon URL from previous chapter>
    2. applicationName = TrustedDialog


Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID -