# SAML integration

### Overview

SAML (Security Assertion Markup Language) is an open standard for securely exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP).\
**Hideez Enterprise Server (HES)** supports SAML 2.0 and can act as an Identity Provider, enabling passwordless Single Sign-On (SSO) for enterprise applications. By integrating HES with third-party services, you can centralize user authentication and enforce modern security practices such as multi-f

### Setup Flow

To set up SAML SSO using Hideez Enterprise Server as the Identity Provider:

1. **Prepare Metadata**
   * Export the SAML metadata file or SSO endpoint URL from your HES (available in Settings → Parameters → SAML).
   * Obtain the SAML metadata or ACS URL from the target Service Provider (SP).
2. **Configure the Service Provider (SP)**
   * In the SP's admin panel, register HES as a SAML IdP by uploading the HES metadata or manually entering the IdP SSO URL and certificate.
   * Specify the expected attributes (e.g., `email`, `username`) and map them if required.
3. **Configure HES as IdP**
   * In the HES admin console, go to Settings → Parameters → SAML.
   * Add a new Service Provider using the metadata or manual configuration (ACS URL, Entity ID, etc.).
   * Specify attribute mappings according to SP requirements.
4. **Assign Users**
   * Ensure the users exist in both HES and the SP (or use just-in-time provisioning if supported).
   * Confirm their email or username matches the attribute used in the SAML assertion.
5. **Test the SSO Integration**
   * Initiate a login request from the SP and verify redirection to HES for authentication.
   * Authenticate using any available passwordless method (passkey, mobile app, or Hideez Key).
   * On success, access to the SP should be granted without entering credentials.
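The metadata exchanged in steps 1 to 3 can be checked before it is uploaded to either side. The following is an added example, not Hideez code: it reads standard SAML 2.0 metadata XML and reports the Entity ID, the SSO or ACS endpoints, the number of signing certificates, and any problems found. The host names, paths, and certificate body in the sample documents are constructed placeholders, and `summarize` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET  # for files from untrusted sources, parse with defusedxml

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample metadata: placeholder hosts and a dummy certificate body.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://hes.example.com/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Location="https://hes.example.com/saml/login"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/saml/metadata">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AssertionConsumerService index="0" Location="http://sp.example.org/saml/acs"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:SPSSODescriptor></md:EntityDescriptor>"""

def summarize(xml_text):
    """Extract entity ID, endpoints and signing-cert count; list problems found."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    role = idp if idp is not None else root.find("md:SPSSODescriptor", NS)
    info = {"entity_id": root.get("entityID"), "is_idp": idp is not None,
            "endpoints": [], "signing_certs": 0, "problems": []}
    if role is None:
        info["problems"].append("no IDPSSODescriptor or SPSSODescriptor")
        return info
    tag = "md:SingleSignOnService" if idp is not None else "md:AssertionConsumerService"
    for ep in role.findall(tag, NS):
        loc = ep.get("Location", "")
        info["endpoints"].append((ep.get("Binding", "").rsplit(":", 1)[-1], loc))
        if not loc.lower().startswith("https://"):
            info["problems"].append(f"endpoint not HTTPS: {loc}")
    for kd in role.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        # A KeyDescriptor without a 'use' attribute may be used for signing too.
        if kd.get("use", "signing") == "signing" and cert is not None and (cert.text or "").strip():
            info["signing_certs"] += 1
    if not info["entity_id"]:
        info["problems"].append("missing entityID")
    if not info["endpoints"]:
        info["problems"].append("no SSO/ACS endpoint")
    if idp is not None and info["signing_certs"] == 0:
        info["problems"].append("IdP has no signing certificate")
    return info
```

Run `summarize()` on both metadata files and resolve every entry in `problems` before testing the login; the constructed SP sample is flagged because its ACS URL uses plain HTTP.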

### Supported Services

You can configure SAML SSO with the following commonly used services:

* [Atlassian](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/)
* [CyberArk](https://docs.cyberark.com/identity/latest/en/content/coreservices/usersroles/partneradd.htm?Highlight=saml)
* [Facebook](https://www.facebook.com/help/624731485413747)
* [GitHub](https://support-cloud.hideez.com/integrations/saml-2.0-integration/configuration-of-saml-2.0-for-github-enterprise)
* [Google Workspace](https://support-cloud.hideez.com/integrations/saml-2.0/google-workspace)
* [LinkedIn](https://learn.microsoft.com/en-us/linkedin/learning/sso-auth/sso-docs/sso-implementation)
* [Salesforce](https://help.salesforce.com/s/articleView?id=sf.sso_saml.htm\&type=5)
* [Slack](https://slack.com/help/articles/205168057-Custom-SAML-single-sign-on)
* [Zendesk](https://support.zendesk.com/hc/en-us/articles/4408887505690-Enabling-SAML-single-sign-on)
* [Zoom](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0060673)

{% hint style="info" %}
If you have any questions about these instructions or need support with using **Hideez Enterprise Server**, please contact our **Support** team at [**support@hideez.com**](mailto:support@hideez.com).

If you need assistance with **server setup** or configuring **SAML**, our support team is also available to help. We’ll be happy to assist you!
{% endhint %}
