SAML integration
Overview
SAML (Security Assertion Markup Language) is an open standard for securely exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP). Hideez Enterprise Server (HES) supports SAML 2.0 and can act as an Identity Provider, enabling passwordless Single Sign-On (SSO) for enterprise applications. By integrating HES with third-party services, you can centralize user authentication and enforce modern security practices such as multi-f
Setup Flow
To set up SAML SSO using Hideez Enterprise Server as the Identity Provider:
Prepare Metadata
Export the SAML metadata file or SSO endpoint URL from your HES (available in Settings → Parameters → SAML).
Obtain the SAML metadata or ACS URL from the target Service Provider (SP).
Configure the Service Provider (SP)
In the SP's admin panel, register HES as a SAML IdP by uploading the HES metadata or manually entering the IdP SSO URL and certificate.
Specify the expected attributes (e.g., email, username) and map them if required.
Configure HES as IdP
In the HES admin console, go to Settings → Parameters → SAML.
Add a new Service Provider using the metadata or manual configuration (ACS URL, Entity ID, etc.).
Specify attribute mappings according to SP requirements.
Assign Users
Ensure the users exist in both HES and the SP (or use just-in-time provisioning if supported).
Confirm their email or username matches the attribute used in the SAML assertion.
Test the SSO Integration
Initiate a login request from the SP and verify redirection to HES for authentication.
Authenticate using any available passwordless method (passkey, mobile app, or Hideez Key).
On success, access to the SP should be granted without entering credentials.
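When the SP is added to HES by manual configuration rather than metadata upload, the Entity ID and ACS URL have to be read out of the SP's metadata file. The Python code below is an added example, not part of the Hideez documentation or product: it extracts those values and flags non-HTTPS ACS endpoints, and the sample metadata, its entity ID and URLs, and the function name read_sp_metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample SP metadata (hypothetical entity ID and URLs).
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.com/saml/acs-legacy"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text):
    """Return the SP values needed for manual IdP configuration, plus warnings."""
    # SAML metadata never needs a DTD; refuse it instead of letting the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not a single-entity SP metadata document")
    # Each ACS entry: (binding short name, URL, is the default endpoint)
    acs = [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""),
            e.get("isDefault") == "true")
           for e in sp.findall("md:AssertionConsumerService", NS)]
    info = {
        "entity_id": root.get("entityID"),
        "acs": acs,
        "nameid_formats": [(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)],
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
    }
    # Assertions are posted to the ACS URL through the browser, so it should be HTTPS.
    warnings = [f"ACS endpoint is not HTTPS: {loc}" for _, loc, _ in acs
                if not loc.lower().startswith("https://")]
    if not info["want_assertions_signed"]:
        warnings.append("SP does not declare WantAssertionsSigned=true")
    return info, warnings


if __name__ == "__main__":
    print(read_sp_metadata(SAMPLE_SP_METADATA))
```

Run it against the metadata file exported from the SP and copy the reported Entity ID and default ACS URL into the manual configuration fields; resolve any warning with the SP owner before enabling SSO.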
Supported Services
You can configure SAML SSO with the following commonly used services: