You can configure Hushly to provide SAML SSO for your users. The authentication of the user is done by any SAML provider you configure on your side and the user attributes like Email address are sent back to Hushly.
Overview of SAML
Security Assertion Markup Language (SAML) is a mechanism used for communicating identities between two web applications. It enables web-based Single-Sign-On and hence eliminates the need for maintaining various credentials for various applications and reduces identity theft.
How does SAML SSO in Hushly work?
- A user wants to log into Hushly using SAML SSO
- Hushly redirects the user to the login URL the Identity Provider, for example, Okta
- User enters their credentials and Okta validates the user
- Okta redirects the user to Hushlys’ Consumer Assertion URL and passes a SAML Assertion telling Hushly that the user is valid
- User Attributes like Email address, First name, and Last name of the user will be sent along with the Assertion by Okta to Hushly
- Hushly verifies Okta's certificate and grants the user access
SAML usually involves three things:
| A user | The person requesting the service. |
| A service provider | The application providing the service or protecting the resource. |
| An identity provider | The service/ repository that manages the user information. |
The user requests for a SAML SSO to access a resource that is protected by a service provider. The service provider requests the identity provider to authenticate the user. The identity provider checks the existence of the user and sends back an assertion to the service provider that may or may not include the user information. The communication between the identity and service providers happens in the SAML data format.
You can configure Hushly to act as a service provider in this mechanism. Choose to use your own SAML server to act as an Identity provider or some third party applications like OneLogin, Okta etc.
A quick guide to configuring SAML 2.0 SSO on Hushly:
- Log into your Hushly account as an Administrator
- Navigate to Setup > Security
- Toggle ‘Single sign-on’ ON
- Enter the following details (obtained from your SAML Identity provider)
- SAML Entity ID
- SAML SSO URL
- Logout URL
- Security Certificate
- Ensure your SAML responses are signed by default
- Click on Save
User Attributes recognized by Hushly
Hushly requires the following attributes from the Identity Provider to allow the user to login using SAML SSO.
| Attribute | Format | Necessity | Description |
| firstName | givenname | Optional (Recommended) | The first name of the user |
| lastName | surname | Optional (Recommended) | The last name of the user |
| member-of | unspecified | Optional | The groups to which the user belongs to, If the user belong to group hushly-admin he will be assigned Administrator role on Hushly side. |
The address of the user is the only required field that Hushly needs. Here is a sample code of how the email address is passed:
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">example@yourcompany.com</saml:NameID>
Fields required by your Identity Provider
The identity provider requires a Consumer Assertion (ACS) URL to which it redirects the user after the authentication. Hushly will provide a custom assertion URL for your account and you can use this URL to configure SAML in your Identity Provider. This information can be obtained under the single sign on section, in the Setup > Security page.
SP Entity ID is also provided by Hushly and can be found below the ACS URL. This helps the Identity provider to identity Hushly service provider (SP).
How to Login to Hushly with SSO
- Go to Hushly Login Page, Click on Login using SSO
- Enter your company domain or company name
- Click on Continue, You will be redirected to your IdP Login Page.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article