Configuring SAML Protocol
Hideez Enterprise Server – SAML Protocol
Introduction of SAML protocol for Single Sign On
Key Features
With Hideez Server’s support for FIDO2 passwordless authorization, service providers gain the ability to authenticate users through:
Hardware security keys (e.g., Hideez Key, YubiKey, etc.)
Passkeys (e.g., smartphones, laptops)
Hideez Authenticator App
Supported Sign-in Options
Username + password (not recommended)
Username + password + second factor (security key: hardware or platform, OTP, mobile authenticator)
Passwordless, User nameless (without typing login and password)
Steps to Configure Hideez Server as an Identity Provider (IdP)
1. Set Up Hideez Server as an IdP
1. Access SAML Configuration:
In the Hideez Server dashboard, navigate to Parameters → Settings → SAML.
2. Download or Create .pfx Certificate
The .pfx certificate contains both the public certificate and private key. You can:
Download an existing certificate: Select the certificate, enter the password, and download.
Create a new self-signed certificate: Click Create and Download, enter the password, and download.
3. Download or View IdP Components
Identity Provider Public Certificate (.cer): Contains only the public key and is used for server authentication and data encryption.
Identity Provider Metadata: Provides essential IdP details required for interaction with SPs.
2. Add Service Provider (SP)
1. Configure Settings on the Service Provider Side (SP)
Here’s an example for Google Workspace:
Go to admin.google.com.
Navigate to Menu → Security → Authentication → SSO with third-party IdP.
Under Third-party SSO profiles, click Add SAML profile.
Enter a profile name (e.g., "Hideez Server (IdP)").
Paste values from Hideez Server:
Issuer / IdP Entity ID (
e.g., https:// <your hideez server name>
) (1)Login URL (
e.g., https:// <your hideez server name>/saml/login
) (2)Logout URL (
e.g., https:// <your hideez server name>/saml/logout
) (3)Upload the Identity Provider public certificate (.cer) file (4).
2. Add Service Provider in Hideez Server (IdP)
In Hideez Server, click Add Service Provider and enter the SP values:
Name (e.g.,
Google Workspace-SAML
)Issuer / SP Entity ID (e.g.,
https://accounts.google.com/samlrp/unique-id
) (1)ACS URL (e.g.,
https://accounts.google.com/samlrp/unique-id/acs)
(2)Click Add
3. Advanced Service Provider Settings
Single Logout Service: SP endpoint for terminating sessions during logout. Obtain this URL from the SP settings.
Name ID Format: Set based on SP requirements (Email, x509, etc.).
Enable Request Signature Validation: Adds security by validating incoming SAML requests.
Assertion Attributes: Configure attribute mappings to transfer necessary user details to the SP.
Some use cases for how to configure Hideez as IdP on web services:
List of web applications (SP) where Hideez Server can be implemented as an Identity Provider (IdP):
Last updated
Was this helpful?