Single Sign-on Guide for Trimble Unity Maintain and Trimble Unity Permit Introduction
With the introduction of Trimble ID, Trimble Unity is transitioning from the traditional Single Sign-on (SSO) model that was connected with your ArcGIS Identity, to the new Trimble ID (TID) model that allows you to federate your enterprise provider directly with TID, and then have a separate GIS integration feature that works after the TID login. After the first initial log in with TID, the system automatically signs you in to ArcGIS to streamline the log in process. While both configurations are currently supported, they should be mutually exclusive setups. Organizations should select one primary method for their site.
In the traditional Trimble Unity Maintain and Permit SSO model, a Unity Maintain and Permit user is federated to an ArcGIS Identity (either ArcGIS Online or ArcGIS Portal), and then uses either ArcGIS built-in identity or federated identity (i.e., with an enterprise identity provider (IdP), such as Microsoft Entra ID (formerly Azure AD), ADFS, Okta, Google, etc).
In the new TID federation model, the Trimble Unity Maintain and Permit user is federated directly with the enterprise identity provider (IdP). The ArcGIS Identity integration is achieved through the separate TID/GIS integration feature.
| Trimble ID Federation |
Trimble ID No Federation |
Traditional Single Sign-on (Legacy) | |
|---|---|---|---|
| Primary Identity | Trimble ID |
Trimble ID |
ArcGIS Identity |
| Direct Federation | Enterprise IdP ↔ Trimble ID |
|
Unity Login ↔ ArcGIS Identity |
| GIS Connection | Handled through separate GIS integration feature |
Handled through separate GIS integration feature |
Direct ArcGIS login/identity |
| Implementation | Use this for a unified Trimble ecosystem and streamlined login using an existing IdP. |
Use this for a unified Trimble ecosystem and streamlined login using a Trimble ID login. |
Use this only if maintaining existing legacy GIS-centric workflows. |
Trimble ID Federation
With the introduction of Trimble ID federation, an organization can use their existing enterprise identity provider (IdP) to log in to Trimble ID. TID federation can be created with most established enterprise IdP solutions, such as Microsoft Entra ID (formerly Azure AD), ADFS, Okta, Google, using either Open ID Connect (OIDC) or SAML protocols. Additionally, GIS integrations can be set up in Trimble ID to automatically log in to ArcGIS at the same time the user logs in to Trimble ID.
- See Trimble ID Federation to set up TID federation.
Trimble ID with GIS Integration Login Workflow (with and without TID Federation)
See Log In Examples to see the exact workflow.
Single Sign-on (Traditional Setup)
Trimble Unity Single Sign-on allows users to log in to Trimble Unity using their ArcGIS Online or Portal for ArcGIS credentials, which is helpful for administrators who want to manage user passwords in ArcGIS Online or Portal for ArcGIS rather than Trimble Unity. Once Single Sign-on is configured for the site, the Collapse Default Login preference in Admin should be turned on. See Configure Global Preferences in the Admin Guide for Trimble Unity Maintain and Trimble Unity Permit for more information.
- See Traditional Single Sign-on through ArcGIS Credentials to set up Single Sign-on.
Traditional Trimble Unity Maintain and Permit Login Workflow (with and without GIS Single Sign-on)
NOTE: All images were taken on a Google Chrome browser steps, fields, and images are based on the latest version of Trimble Unity. There may be slight differences (i.e., functionality, fields, color branding, etc.) depending on the current version of Trimble Unity you are on.
