Setup Single Sign-On (SSO) for True Anthem Access

For Enterprise Professional Tier partners, True Anthem supports Single Sign-On (SSO) using the OpenID Connect (OIDC) standard. This guide provides the necessary information and steps to integrate True Anthem with your organization's identity provider, ensuring a seamless and secure authentication experience.

Note: True Anthem Single Sign-On (SSO) is only available to Professional packages.

If you would like to discuss what is required for your account to access True Anthem SSO, please contact your Customer Success Manager.


Enabling SSO for Your Organization

To enable SSO, ensure that each user's True Anthem login email matches the one used with your identity provider. True Anthem supports OIDC-compatible providers such as Google, Microsoft, and Okta. Please contact your Customer Success Manager to initiate the setup process.

Step 1: Required Information for True Anthem

Once you have created the application in your OIDC provider, provide the following information to your True Anthem representative:

  • Authentication Email Address Domain: The specific domain used by your users (e.g., @yourcompany.com). Note: We support one domain per customer.
  • OIDC Client ID: Found in your Okta Application settings.
  • OIDC Issuer URL: Your unique Okta domain URL.
  • OIDC Client Secret: The secure secret key associated with the application.

Step 2: Technical Configuration Settings

To ensure the integration functions correctly, configure your Application as follows:

| Category | Required Setting |
|---|---|
| Flow Type | OIDC Implementation must use Code Flow. |
| Grant Types | Authorization Code and Refresh Token must be enabled. |
| Response Type | Code is required. |
| Security | Ensure Require PKCE is turned OFF. |

Step 3: Redirect URIs and Web Origins

In your Application settings, configure the following URLs:

Login Redirect URIs (Callback URLs)

Allowed Web Origins

  • Production: https://dashboard.trueanthem.com/
  • Test/Staging: https://app.elecktra.net/


Step 4: Verification

Before sending the credentials to True Anthem, verify your configuration by visiting your "well-known" endpoint:

[Your_Issuer_URL]/.well-known/openid-configuration

Ensure the response contains:

  • grant_types_supported includes "authorization_code" and "refresh_token"
  • response_types_supported includes "code"
  • claims_supported includes "preferred_username" and "email"
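
The Step 4 check can be scripted. The following is an added example, not True Anthem's own tooling: it tests a discovery document against the three fields listed above and also confirms that the advertised `issuer` equals the Issuer URL, which the OIDC Discovery specification requires. The function names and the `idp.example.com` sample are assumptions made for illustration.

```python
import json
import urllib.request

# Values Step 4 says the discovery document must advertise.
REQUIRED = {
    "grant_types_supported": {"authorization_code", "refresh_token"},
    "response_types_supported": {"code"},
    "claims_supported": {"preferred_username", "email"},
}
# OIDC Discovery default that applies when grant_types_supported is omitted.
DEFAULTS = {"grant_types_supported": ["authorization_code", "implicit"]}


def discovery_url(issuer):
    """Build the well-known URL from the Issuer URL (hypothetical helper)."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(doc, issuer):
    """Return a list of problems; an empty list means Step 4 passes."""
    problems = []
    # The advertised issuer must be identical to the Issuer URL you hand over.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {issuer!r}")
    for field, wanted in REQUIRED.items():
        advertised = set(doc.get(field, DEFAULTS.get(field, [])))
        for value in sorted(wanted - advertised):
            problems.append(f"{field} is missing {value!r}")
    return problems


def fetch_discovery(issuer, timeout=10):
    """Download the discovery document, refusing non-HTTPS issuers."""
    url = discovery_url(issuer)
    if not url.startswith("https://"):
        raise ValueError("issuer must be an https:// URL")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample: omits grant_types_supported and the "email" claim.
SAMPLE_DOC = {
    "issuer": "https://idp.example.com",
    "response_types_supported": ["code", "id_token"],
    "claims_supported": ["sub", "preferred_username"],
}

if __name__ == "__main__":
    print("\n".join(check_discovery(SAMPLE_DOC, SAMPLE_DOC["issuer"])) or "OK")
```

To run it against a live provider, pass the result of `fetch_discovery(issuer)` to `check_discovery` with the same issuer string you intend to send to True Anthem.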

Step 5: Test Account

To confirm the implementation is successful, provide True Anthem with a temporary Test Login Account.

Once we have verified the SSO connection, this account can be safely removed from your system.
