Hideez Authentication Service (EN)
  • Hideez Authentication Service for Enterprises
    • Release notes
    • Key features of the Hideez Authentication Service in 5 minutes
  • Quick Start Guides
    • Hideez Authenticator Mobile app guide
    • Hideez Key guide
    • Passkey guide
    • FIDO Security Key guide
      • Activation FIDO key and setting PIN code
    • Quick Start Guide for subscriptions
      • Hideez Security Key
      • Hideez Authenticator App
      • Passkeys
    • Guide for Hideez Enterprise Server on Cloud
      • Passkeys
      • Mobile app
      • Hideez Key
  • Use cases
    • Hideez Authenticator Mobile App
      • Passwordless PC login
      • Password-based PC login
      • SSO login to Webservises (FIDO2) via mobile app
        • Using Hideez Authenticator as your passwordless authentication method for SSO
      • Using Hideez Authenticator as your two-factor authentication method for SSO
      • OTP generation by Hideez Authenticator App for 2FA
      • RDP login by Hideez Authenticator App
      • Remote PC lock
    • Hideez Key
      • Proximity Lock
      • Proximity Unlock
        • Unlock PC by Hideez Dongle Touch (Tap-and-Go)
      • Changing a Domain User Password on the Hideez Server
      • Proximity settings (guide for admin)
      • Automatic RDP Launch and Logon
      • Password manager and OTP generator
      • OTP manager for two-factor authentication
    • FIDO Security Key
      • SSO login to Web Servises via Hardware Key (FIDO2)
      • Passwordless PC Login to Entra ID (Azure AD).
      • Using Hideez Key as U2F security key for your two-factor authentication
      • Other vendors' hardware keys
    • Passkey
      • SSO login to Web Services (FIDO2) via Passkey and Hideez Server as Identity Provider
    • Emergency blocking of all computers
    • Employee's account disabling
  • Hideez Enterprise Server
    • Hideez Enterprise Server
    • Glossary
    • Hideez Server Architecture
    • Deployment
      • Database installation
        • MySQL on Windows
        • MySQL on Linux
        • Microsoft SQL Server on Windows
        • Microsoft SQL Server on Linux
      • HES deployment
        • Windows
        • Linux
        • Docker
        • Deployment without Internet access
        • Troubleshooting
      • HES update
        • Windows
        • Linux
        • Docker
      • Publishing on-premises HES for remote users
    • Administration
      • How to change the password for an administrator account?
      • How to recover a forgotten admin password?
      • Adding an admin account
      • Deleting an admin account
      • How to enable two-factor authentication at the Hideez Enterprise Server?
      • Authorization on the HES server via a FIDO key
      • Platform authentication on the HES server
      • Connecting Linux server to Active Directory
      • Setting Hideez Server parameters
      • Configuring DNS server
      • Setting up a Proxy for Mobile App Access to HES
      • How to create and set Hideez Key Access Profiles
      • How to manage companies and departments?
      • How to manage Positions?
      • Enable load balancing
      • Data Protection
    • Dashboard
      • Information about the server
      • Information about employees
      • Information about devices
      • Workstations Information
    • Employees
      • How to add an Employee?
      • Employees management
      • Employee management with Active Directory
    • Workstations
      • How to add and approve Workstations?
      • Workstations management
      • Workstation Profiles
      • Use Proximity Unlock Workstations
    • Hardware Vaults
      • How to add Hideez Key into the Server
      • Assign a key to the user
      • Remove the key from the Employee
      • Set a profile for a Hardware Vault
      • How to see an RFID code on the Employee key?
    • Accounts
      • Creating personal employee accounts
      • Creating shared employee accounts
      • Personal account management
      • Shared account management
      • Accounts backup and restore
      • How to work with the account template?
    • Keys Management
      • Keys Statuses
      • Transition to Reserved status
      • Keys Activation mechanism
      • Cancel issuance of Hideez Key (Reserved -> Ready)
      • Transition to Suspended status
      • Transition to Locked status
      • Transition to Deactivated status
      • Transition to Compromised status
      • Removing the Locked status
      • Wipe procedure
      • Delete key from Hideez Server
    • Audit
      • Workstation events
      • Workstation Sessions
      • Summaries
    • Single Sign On settings
      • How to get employee licenses
      • Admin settings
      • User settings
    • Configuring SAML Protocol
    • Configuration OIDC (OpenID Connect)
  • Hideez Server Integration
    • Active Directory Integration
      • Synchronization and import employees from Active Directory
      • Import and Sync Users from Active Directory
      • Import and sync users from Active Directory with domain password changing
      • How to enable FIDO2 passwordless authentication with Microsoft Azure AD for use with Windows 10-11
    • SAML integration
      • ASA AnyConnect VPN
      • Citrix services
      • Fortinet services
      • GitHub Enterprise
      • GitLab on premises
      • Google Workspace
      • Microsoft Exchange for Authentication via SAML
        • ADFS Installation
      • Okta (SAML)
    • Open ID Connect integration
      • Hideez Server as an External Authentication Method for Microsoft Entra ID via OIDC
      • OKTA (OIdC)
    • WS-Federation integration
      • Configure Exchange Outlook Web Application and Exchange Admin Center
  • Hideez Client App
    • Hideez Client deployment
      • Installation of the Hideez Client Application
      • Deploying Hideez Client MSI via GPO (Group Policy Object)
      • Configuration app
      • Uninstall Hideez Client app
      • Uninstalling via GPO
      • Upgrade Hideez Client
      • Downgrade Hideez Client
    • Application interface
      • General Settings
      • Logon settings
      • Aditional settings
      • Configuring hotkeys
    • Account management
      • Account creation
      • Editing an Existing Account
      • Deleting your account
    • Shortcuts
    • Remote Vault connection
    • Mobile Authenticator
  • Hideez Authenticator App
    • Quick overview
    • Admin guide
      • Setup for PC login scenario
        • Passwordless PC Login Setup
          • Configuring an Active Directory Certification Authority
          • Hideez Enterprise Server setup for passwordless login
        • Password-based PC login Setup
      • Setup for SSO login scenario
    • User guide
      • Mobile App Primary Setup
      • App enrollment on Hideez Server
        • Enroll the application on Hideez Server for SSO
          • SSO enrollment (admin account)
          • SSO enrollment (user account)
        • PC Authorization Enrollment
          • Enrollment for Passwordless PC Authorization
            • Passwordless account re-enrollment
          • Enrollment for Password-based PC Authorization
            • Account roaming
      • Login with Hideez Authenticator
        • SSO login
        • PC login
          • Offline passwordless login
          • Login to the remote PC via RDP
      • PC lock
      • OTP generation
      • Software key disabling
        • PC logon disabling
        • SSO logon disabling
      • Service operations
  • Hideez Key (Enterprise Edition)
    • Hideez Key (Enterprise Edition)
    • Technical Specifications
      • Technical specifications Hideez Key 3
      • Technical specifications Hideez Key 4
    • Principles of operation
    • Device Layout
    • Battery maintenance
    • Hideez Key modes
    • How to update the Hideez Key (Enterprise) firmware
    • How to enter credentials with the Hideez Key
    • How to unlock PC
    • Key for Physical doors
  • Product Updates
    • Product updates
    • Hideez Enterprise Server updates
    • Hideez Key firmware updates
    • Hideez Client updates
    • Hideez Authenticator updates
  • API
    • Hideez Enterprise Server web API
  • FAQ
    • How-to's
      • How to add an Employee?
      • How to add personal user account on HES?
      • How to assign Hideez Key to a user?
      • How to activate Hideez Key?
      • How to unlock Hideez Key on HES?
      • How to unlock PC with Hideez Key?
      • How to setup proximity PC unlock?
      • How to use Hideez Key on remote PC?
      • How to enroll the Hideez Authentication app on HES for SSO?
      • How to login on HES with Hideez Authenticator?
      • How to enroll the Hideez Authentication app for PC login?
      • How to login to PC with Hideez Authenticator?
      • Enable QR Code Display for Hideez Authenticator on the Lock Screen of a Windows Remote Workstation
    • Hideez Client App
      • What do I do if I see the message "Connection failed. Trying to re-bond device"?
      • What do I do if the connection with the HES server cannot be established?
      • What should I do if the Password Manager menu item is not displayed?
    • Hideez Enterprise Server
      • How to view logs at Hideez Enterprise Server?
    • Setting Up Gmail with HES
    • Hideez Authenticator
      • QR code is not displayed at the credential provider on my PC
      • I have registered successfully but cannot login
      • What do I do if I changed domain and cannot login now
      • Does the Hideez App collect or transmit data from the phone to third parties or services?
    • Hideez Key
      • What physical conditions are dangerous for the Hideez Key?
      • Is the Hideez Key allowed on planes?
  • Documentation portal
Powered by GitBook
On this page
  • To set up Hideez Server as an IdP, follow these steps:
  • Configuring Hideez Server as an Identity Provider (IdP)
  • Adding SP (Service Provider)
  • Here's a list of web applications (SP) where Hideez Server can be implemented as an Identity Provider (IdP):

Was this helpful?

  1. Hideez Enterprise Server

Configuring SAML Protocol

Hideez Enterprise Server – SAML Protocol

Hideez Enterprise Server supports SAML 2.0 (Security Assertion Markup Language) for secure user authentication, acting as an Identity Provider (IdP) for single sign-on (SSO) across web applications (Service Providers, SP) that support SAML 2.0. By setting up Hideez Server as an IdP, organizations can simplify login processes for users across integrated web applications.

Key Features

With Hideez Server’s support for FIDO2 passwordless authorization, service providers gain the ability to authenticate users through:

  • Hardware security keys (e.g., YubiKey)

  • Passkeys

  • Hideez Authenticator App

Supported Sign-in Options

  • Username + password (not recommended)

  • Username + password + second factor (security key: hardware or platform, OTP, mobile authenticator)

  • Passwordless

    • Username + Security key (hardware or platform)

  • Passwordless, User nameless (without typing login and password)

    • Security key (hardware or platform)

    • Mobile authenticator

To set up Hideez Server as an IdP, follow these steps:

  • Configuring Hideez Server as an Identity Provider (IdP)

  • Adding SP (Service Provider)

When a user logs into an application through SAML, the Hideez ( as an IdP) transmits a SAML assertion to the user's browser, which is then forwarded to the Web application (as an SP). Then Hideez Server authenticates the user.

Since Hideez Server supports FIDO2 passwordless authorization, service providers automatically get the ability to authorize with hardware security keys without having to create and enter passwords.

Thanks to Hideez Server's support for FIDO2 passwordless authorization, Service Providers (web applications) gain the ability to authorize users using hardware security keys, Passkey, and Hideez Authenticator App, eliminating the need to create or enter passwords.

Supported sign-in options:

  • Username + password (not recommended)

  • Username + password + second factor (security key: hardware or platform, OTP, mobile authenticator)

  • Passwordless

    • Username + Security key (hardware or platform)

  • Passwordless, Usernameless (without typing login and password)

    • Security key (hardware or platform)

    • Mobile authenticator

Configuring Hideez Server as an Identity Provider (IdP)

Hideez Server (IdP) and Service Providers (SP, i.e., web applications) must exchange public key certificates or metadata.

  1. Go to Parameters →Settings → SAML.

  2. Here you can get the necessary data that you have to provide your Service Provider:

  • Download metadata

  • View metadata

  • Download certificate

Adding SP (Service Provider)

  1. Click Add Service Provider

  1. In the opened tab file, the corresponding fields:

Issuer - a random unique SP name you need to copy from the SP settings or extract from the metadata file.

Assertion Consumer Service – the login address on the side of the service provider. Redirection is done to this address following the successful login through the Hideez Server. Single Logout Service – the address to log out of the account. If you exit Hideez Server, this URL is opened in the loop for all web applications. Public x509 Certificate – the public key certificate of the service provider.

Some Service Providers provide users with metadata files. In this case, all required fields will be filled in automatically after importing the metadata file.

Otherwise, you can configure settings manually. In this case, the settings depend on the specific Service Provider.

You can download metadata files from your computer:

  1. Attribute Mapping

When a user authenticates through SAML, Hideez Server generates a SAML assertion that contains information about the user (such as their name, email, roles, etc.). Attribute Mapping specifies how these attributes are matched and passed from the Hideez Server (IdP) to the SP, and how they are subsequently used by the SP for authorization and access control.

  1. Assertion Attributes.

These attributes are provided by the Hideez Server (IdP) in a SAML assertion to the Service Provider (SP) during the authentication process. The Service Provider uses these attributes to make authorization decisions and personalize the user's experience within the application.

Attribute names and formats are typically defined and agreed upon by Hideez Server (IdP)and SP during the configuration of the SAML integration. This allows for seamless information exchange between the two entities.

Attribute Mapping and Assertion Attributes could be configured automatically after downloading the metadata file.

After filling in and saving all the settings, you can check the integration by logging into the service provider. You should be redirected to the HES authentication page, where you will need to enter your username (email) and pass the security key verification.

Please, see some use cases for how to configure Hideez as IdP on web services:

  • Citrix

  • Fortinet

  • ASA AnyConnect VPN

  • GitLab on premises

Here's a list of web applications (SP) where Hideez Server can be implemented as an Identity Provider (IdP):

  1. Microsoft Office 365

  2. Salesforce

  3. Slack

  4. Dropbox business

  5. Zoom

  6. Atlassian (Jira, Confluence)

  7. Amazon Web Services (AWS)

  8. GitHub

  9. GitLab

  10. Zendesk

  11. VMware

  12. Adobe Creative Cloud

  13. Box

  14. Okta

  15. Cisco Webex

Please see examples of services on how to integrate SAML 2.0 on Hideez Server.

Last updated 5 months ago

Was this helpful?

While the list provided is not exhaustive, each web service may have its own specific configuration. If you require assistance in integrating your web app with Hideez Server using SAML, don't hesitate to . We're here to help.

contact us