Advocacy: SAML Single Sign On

SAML-based Single Sign-on (SSO) gives users access to Haiilo through your company's identity provider (IdP). SAML adds an extra layer of security as it ensures that only your company's employees can join your company's Haiilo domain.

With SAML enabled, your users have to log in with their company credentials to access. This means you cannot invite users to join Haiilo anymore, but instead, users assigned to access Haiilo in your IT environment can join by clicking the "Login with Single Sign On" button on your company's login page.

Step-by-step setup instructions for the IdPs Entra ID, ADFS, Okta, Google Workspace, and OneLogin can be found at the bottom of this article.

How to set up SAML SSO

The below instructions are general and might not apply to all IdPs.

Navigate to Administration > Settings > Single Sign-On. Only a Company Admin can see the Single Sign-On option in the list.
Click "Download metadata file" from the settings in Haiilo. You will find the EntityId and Assertion Consumer Service (ACS) URL in the metadata.
Initialize creating a new Haiilo Service Provider application for your Identity Provider.
The Haiilo Service Provider supports the following attributes in the SAML assertion:
- EmailAddress (Required - case sensitive, cannot contain any other characters!)
- Givenname (Optional)
- Surname (Optional)
- Example of claims mapping in Entra ID:
After the configuration is completed in your IdP, please upload the metadata to Haiilo by clicking the "Upload metadata file" button.
Then, the "Test the configuration" button should become clickable. Click it to test that the configuration is active and valid. To test the configuration, you will be directed to log in through your IdP provider. If the login flow works and you access Haiilo, the configuration has been successful.
If everything works as expected, enable SAML by clicking on the switcher "Enable SAML"