SAML-based Single Sign-on (SSO) gives users access to Haiilo through your company's identity provider (IdP). SAML adds an extra layer of security as it ensures that only your company's employees are able to join your company Haiilo domain.
With SAML enabled, your users have to log in with their company credentials to access. This means you cannot invite users to join Haiilo anymore, but instead, users assigned to access Haiilo in your IT environment can easily join with the click of a button on your Haiilo subdomain.
Instructions for setup for the IdPs Azure, ADFS, Okta, Google Workspace, and OneLogin can be found at the bottom of this article.
How to set up SAML SSO
The below instructions are general and might not apply to all IdPs.
- Ask your dedicated Customer Success specialist from Haiilo to enable SAML SSO setup for your company Haiilo domain. Once this has been enabled from Haiilo's side, a Single Sign-On-option will become visible under the Settings tab in the left-side list. Only a Company Admin will be able to see the Single Sign-on option in the list.
- Click Download metadata file from the settings in Haiilo. You will find the EntityId and Assertion Consumer Service (ACS) URL in the metadata.
- Initialize the creation of a new Haiilo Service Provider application for your Identity Provider.
- The Haiilo Service Provider supports the following attributes in the SAML assertion:
- EmailAddress (Required - case sensitive, cannot contain any other characters!)
- Givenname (Optional)
- Surname (Optional)
- Example of claims mapping in Azure:
- After the configuration is completed in your IdP, please upload the metadata to Haiilo by clicking the 'Upload metadata file'-button.
- After this the Test the configuration-button should become clickable. Click it to test that the configuration is active and valid. To test the configuration, you will be directed to log in through your IdP provider. If the login flow works and you access Haiilo, the configuration has been successful.
- If everything works as expected, enable SAML by clicking on the switcher:
If you run into any issues during setup or after enabling SAML, please refer to our FAQ article for possible solutions.
IdP-specific setup guides
- Setup_SAML_on_Google_Workspace.pdf400 KB
- Setup_SAML_on_Azure.pdf500 KB
- Setup_SAML_on_OneLogin.pdf400 KB
- Setup_SAML_on_Okta.pdf200 KB
- Setup_SAML_on_ADFS.pdf3 MB