Trainline Business Single Sign-On (SSO) with OpenID Connect : Trainline Customer Service

Single Sign-On (SSO) allows your employees to log into Trainline Business using their existing Identity Provider credentials, making authentication seamless and secure. To enable SSO, you must be on our Enterprise plan – you can request to enable it here.

What is SSO?

Single Sign-On (SSO) enables users to authenticate with the same credentials and gain access to multiple applications, without the need for multiple usernames and passwords. By using OpenID Connect, SSO integrates with identity providers (IdPs) like Microsoft Azure Active Directory/Microsoft Entra ID.

Benefits of SSO

Improved Security: Centralised authentication reduces the risk of weak passwords.
Better User Experience: Users log in and can access multiple platforms, including Trainline Business.
Streamlined Experience for Admins: Fewer password reset requests and easier user management when an employee leaves.

What kind of SSO does Trainline Business support?

We support SSO using any providers supported by the OpenID Connect (OIDC) protocol, including (but not limited to):

Microsoft Entra ID (Microsoft Azure Active Directory)
Okta
Ping Identity (PingFederate)
OneLogin
Keycloak
Google Identity Platform
Other Providers – if you use another OIDC-compliant provider, please specify in your request and we’ll get back to you

Setting Up SSO with Trainline Business

Prerequisites

Before you begin, ensure the following:

You have administrator privileges on your Identity Provider account.
Your organisation is on our platform Enterprise plan with SSO enabled.
You have decided how you’d like to invite users to our platform (see ‘Inviting users for SSO’ below).

How to set up SSO

Please complete this form to request SSO setup. As a part of your request you will be asked to provide:

The provider you use (e.g. Microsoft Entra ID)
Email Domains we need to support, for each business ID (e.g. example.com and example.co.uk)
Number of employees you expect to use Trainline Business
If you would like to request an upload & bulk invite of your employees

We may request access to a test environment and test user if you have one available. This allows us to speed up the set-up process and thoroughly test the integration before rolling it out to your employees.

Inviting users for SSO

We do not currently support provisioning or SCIM. For a user to log into the platform via SSO, they must be invited to the platform first. We recommend using our share link feature and sharing it with your employees, so they can sign up to the platform automatically – saving your admin time.

Need to invite many employees at once? Please specify in your request above that you’d like to access the bulk invite feature, which sends each employee an invite to your account on Trainline Business. Simply share a CSV file with the employee details, and we’ll take care of the rest.

FAQs

Can I use SAML? Currently, we only support OpenID Connect-compatible providers. Please submit the form above to check whether your provider is compatible.
What happens to existing employee accounts? Existing accounts can be linked to SSO during the first login attempt.
How can I update my SSO settings, or disable SSO? Reach out to our team here in order to request updates to SSO configurations or to disable SSO.
What are the timeframes you work towards for set up and updates to SSO configurations? We aim to complete the SSO setup within 10 working days of receiving your initial request, provided that all required information is shared with us promptly and we have access to a test environment. The same is for updates to existing configurations.
Once SSO is set up, can the users access the system without it? No, once SSO is enabled for a specific company account, users with accounts can only log in via SSO.
One of my employees has moved divisions. How can I change their access? You will need to remove them from the Trainline Business account (i.e. division) they are leaving, before adding them to the new one.
Does Trainline Business support Provisioning or SCIM? We do not currently support provisioning or SCIM. For a user to log into the platform via SSO, they must be invited via link first (or be invited individually via email).
What do I do when an employee leaves my company & I don’t want them to access Trainline Business anymore?
Users deactivated on SSO will not be able to log into Trainline Business due to SSO enforcement, which is handled by your Identity Provider.
To note: if your company used Trainline Business before implementing SSO, any users that had access via regular email/password will need to be manually removed by an admin via the employee management area.

undefined

Pour savoir si vous pouvez échanger votre billet et connaître le montant des frais d’échange éventuels, rendez-vous dans votre compte.

Seuls les dates et les horaires peuvent être modifiés : les gares de départ et d’arrivée doivent rester les mêmes.

Si vos billets ne peuvent être échangés en ligne, écrivez-nous ici pour que nous nous en chargions.

By setting up SSO, your organisation can provide a secure and seamless login experience for all users.

Browse Help by Category

Categories

Trainline Business Single Sign-On (SSO) with OpenID Connect