Federated SSO requirements

Supported Technologies

Thomson Reuters uses the PingFederate solution from Ping Identity to provide Federated Single Sign-On. Thomson Reuters supports the SAML 2.0 protocol and SP-initiated SSO using the Browser/POST profile.

Unsupported Technologies

Thomson Reuters does not support any other SSO protocol, including all non-standard customer-specific custom protocols.

Infrastructure Requirements

Federated Single Sign-On requires infrastructure on your Workforce IAM service that supports the SAML 2.0 federation protocol. Please note that Thomson Reuters does not provide code or end-user support for third-party identity management solutions. Your IT department must manage your own Single Sign-On server deployments and work with the vendor of your library or server product for end-user support.

Implementation Duration

The duration of a Single Sign-On implementation depends almost entirely on your IT department’s familiarity with the process and any testing and transition requirements you have.
  • If you have the necessary Single Sign-On infrastructure in place and you are already federating with one or more external partners, implementations can often be completed and tested in under a week.
  • If you have the necessary Single Sign-On infrastructure in place but you have never used the Single Sign-On feature, plan for a longer implementation as you acquire the necessary in-house knowledge to use your system for Single Sign-On. The vendor of your identity provider solution can assist you with this.
  • If you do not have the necessary Single Sign-On infrastructure and have no prior knowledge of the process, several months are required to implement a solution. You must purchase, test, and deploy to your production environment while acquiring the necessary in-house knowledge to use your new systems.
  • Using custom programming for SAML Single Sign-On instead of network infrastructure typically takes longer than using off-the-shelf network solutions. Custom programming projects are difficult to predict. Again, it depends entirely on your organization and how well your programmers understand the protocol requirements and libraries used to handle the Single Sign-On protocol details.

Summary of Supported SSO Standards

  • Only the SAML 2.0 protocol with the Browser/POST profile.
  • Exchanging SAML metadata XML files for defining the SAML connection.
  • For digital signatures, signing of either the entire SAML Response, or just the SAML Assertion inside the Response.
  • XML Encryption of either the entire SAML Assertion or just the SAML NameIdentifier. We do not normally enable this unless the customer requires it, because we only expose a TLS-encrypted connection to our SSO server, so the entire communication is already encrypted.
  • Using self-issued X.509 certificates for both digital signatures and encryption.
  • SP Initiated SSO flows.
  • Signed authentication requests, but we do not normally enable this unless requested by the customer.
  • Thomson Reuters applications do not currently support SCIM for user provisioning.