SAML just-in-time Single Sign-On (SSO) allows users to access Haiilo through your company's identity provider (IdP). SAML ensures that only authorized employees can join the company's Haiilo platform, adding an extra security layer. To accompany SSO, you can use SCIM user provisioning to automatically add, update, and remove users.
With SSO enabled, your users have to log in to the platform with their company credentials by selecting Login with Single Sign On on your company's login page. Only users who have been assigned to the application in your identity provider will be able to access the platform.
To set up SSO, you need to complete steps both in your identity provider and in Haiilo's Administration.
Set up SSO in Haiilo
Download the metadata from Haiilo
- Navigate to Administration > Settings > Single Sign-On. Only a Company Admin can see the Single Sign-On option in the list.
- Select Download metadata file from the settings in Haiilo.
Set up SSO in your identity provider
The instructions below are general. For IdP-specific instructions on setting up a SAML application, view your identity provider's documentation or our IdP-specific setup guides.
- Start the setup of a new Haiilo Service Provider application in your identity provider. The information that you need for the setup can be found in the metadata you downloaded in the previous step.
- Configure claims mapping. The Haiilo Service Provider supports the following attributes in the SAML assertion:
  - EmailAddress (Required - case sensitive, cannot contain any other characters and must include capital E and A)
  - Givenname (Optional)
  - Surname (Optional)
- Assign users to the application in your identity provider. Only the users that are assigned will be able to log in to Haiilo.
- After setting up the application in your identity provider, download its metadata.
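The claims mapping is the step most likely to break the test login, because the attribute name must match exactly. The following Python check is an added example, not part of Haiilo's documentation or product: it reads the attribute names from an assertion captured during a test login and reports any that deviate from the names listed above. The function names and sample assertions are constructed for illustration, and applying the exact-match rule to all three names is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = {"EmailAddress"}           # attribute names as listed on this page
OPTIONAL = {"Givenname", "Surname"}

def check_claims(assertion_xml):
    """Return findings about attribute names; an empty list means the mapping matches."""
    root = ET.fromstring(assertion_xml)
    sent = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        sent[attr.get("Name", "")] = (value.text or "").strip() if value is not None else ""
    findings = []
    for name in sorted(REQUIRED | OPTIONAL):
        if name in sent:
            # Assumption: a required attribute with an empty value is reported too.
            if name in REQUIRED and not sent[name]:
                findings.append(f"{name}: present but empty")
            continue
        # Exact comparison: other casing, padding or a URI-style prefix does not count.
        near = [n for n in sent if n.rsplit("/", 1)[-1].strip().lower() == name.lower()]
        if near:
            findings.append(f"{name}: sent as {near[0]!r}, name must match exactly")
        elif name in REQUIRED:
            findings.append(f"{name}: required attribute missing")
    return findings

def sample_assertion(attrs):
    """Build a constructed, unsigned assertion fragment for the demo below."""
    items = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f"</saml:Attribute>" for n, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f"{items}</saml:AttributeStatement></saml:Assertion>")

if __name__ == "__main__":
    # Constructed samples: a correct mapping, then a lower-cased attribute name.
    ok = sample_assertion({"EmailAddress": "jane.doe@example.com", "Givenname": "Jane"})
    wrong = sample_assertion({"emailaddress": "jane.doe@example.com"})
    for label, xml in (("correct", ok), ("lower-cased", wrong)):
        print(label, check_claims(xml) or "mapping matches")
```

The check only compares attribute names; it does not validate the assertion's signature, issuer, or audience.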
Upload metadata in Haiilo
- Go back to Haiilo's Administration and upload the metadata by selecting Upload metadata file.
- Then, select Test the configuration. You will be directed to log in through your identity provider. If the login flow works and you can access Haiilo, the configuration has been successful.
  - If you receive an error from Haiilo, please see the article I get an "Oops" error with SAML SSO. Why?
  - If you receive an error from your identity provider, please ensure your account has been assigned to the application and you are allowed to access it.
- If everything works as expected, enable SAML by toggling the Enable SAML switcher.