# SAML integration

### Overview

SAML (Security Assertion Markup Language) is an open standard for securely exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP).\
**Hideez Enterprise Server (HES)** supports SAML 2.0 and can act as an Identity Provider, enabling passwordless Single Sign-On (SSO) for enterprise applications. By integrating HES with third-party services, you can centralize user authentication and enforce modern security practices such as multi-f

### Setup Flow

To set up SAML SSO using Hideez Enterprise Server as the Identity Provider:

1. **Prepare Metadata**
   * Export the SAML metadata file or SSO endpoint URL from your HES (available in Settings → Parameters → SAML).
   * Obtain the SAML metadata or ACS URL from the target Service Provider (SP).
2. **Configure the Service Provider (SP)**
   * In the SP's admin panel, register HES as a SAML IdP by uploading the HES metadata or manually entering the IdP SSO URL and certificate.
   * Specify the expected attributes (e.g., `email`, `username`) and map them if required.
3. **Configure HES as IdP**
   * In the HES admin console, go to Settings → Parameters → SAML.
   * Add a new Service Provider using the metadata or manual configuration (ACS URL, Entity ID, etc.).
   * Specify attribute mappings according to SP requirements.
4. **Assign Users**
   * Ensure the users exist in both HES and the SP (or use just-in-time provisioning if supported).
   * Confirm their email or username matches the attribute used in the SAML assertion.
5. **Test the SSO Integration**
   * Initiate a login request from the SP and verify redirection to HES for authentication.
   * Authenticate using any available passwordless method (passkey, mobile app, or Hideez Key).
   * On success, access to the SP should be granted without entering credentials.

### Supported Services

You can configure SAML SSO with the following commonly used services:

* [Atlassian](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/)
* [CyberArk](https://docs.cyberark.com/identity/latest/en/content/coreservices/usersroles/partneradd.htm?Highlight=saml)
* [Facebook](https://www.facebook.com/help/624731485413747)
* [GitHub](https://support-cloud.hideez.com/integrations/saml-2.0-integration/configuration-of-saml-2.0-for-github-enterprise)
* [Google Workspace](https://support-cloud.hideez.com/integrations/saml-2.0/google-workspace)
* [LinkedIn](https://learn.microsoft.com/en-us/linkedin/learning/sso-auth/sso-docs/sso-implementation)
* [Salesforce](https://help.salesforce.com/s/articleView?id=sf.sso_saml.htm&type=5)
* [Slack](https://slack.com/help/articles/205168057-Custom-SAML-single-sign-on)
* [Zendesk](https://support.zendesk.com/hc/en-us/articles/4408887505690-Enabling-SAML-single-sign-on)
* [Zoom](https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060673)

{% hint style="info" %}
If you have any questions about these instructions or need support with using **Hideez Enterprise Server**, please contact our **Support** team at [**support@hideez.com**](mailto:support@hideez.com).

If you need assistance with **server setup** or configuring **SAML**, our support team is also available to help. We’ll be happy to assist you!
{% endhint %}


