You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
Using Custom SAML for Single Sign On (SSO)
print icon

HappyFox provides Secure Assertion Markup Language (SAML), which allows you to provide single sign-on (SSO) for your HappyFox account using identity providers such as Azure Active Directory, Onelogin, Okta, Smartsignin or a SAML compatible app that you host on your own. Single sign-on using SAML is available on Mighty plan and above. 

HappyFox allows you to use SAML to authenticate and log in to both agent and contacts. 

Steps to Configure a Custom SAML SSO:

  • Navigate to Apps >> Single Sign-on >> Custom SAML Method.
  • HappyFox needs the following information to be entered in our SAML Integration page
    • The URL to be redirected to when someone clicks on the Login with SAML button in HappyFox (SSO Target URL).
    • The SAML certificate from your SAML server. X.509 certificates are supported and should be in PEM format. 

 

  • Additionally, you can specify if you would want agents and/OR end-users to authenticate their login using SAML.
  • Enable the "Map Custom Field values from SAML option to synchronized contact custom fields with the identity provider. Learn more.
  • You can disable the traditional username/password login method by enabling the "Disable Standard login for agent/contact" toggle.

Note: Only one SAML based Single Sign On integration can be active at a time, in a HappyFox helpdesk account.

Enable Encrypted SAML assertions:

You can also encrypt your SAML assertions for added security. To know more about this feature, click here.

 

The SAML server might require the following information: 

  1. The Access Consumer Service (ACS) URL is https://<accountname>.happyfox.com/saml/callback/. If you only need to authenticate agent members, you can use https://<accountname>.happyfox.com/staff/saml/callback/. 

  2. Destination attribute of SAML Response should be https://<accountname>.happyfox.com/saml/callback/. If you only need to authenticate agent members, you can use https://<accountname>.happyfox.com/staff/saml/callback/.
  3. The recipient attribute of Subject Confirmation Data should be https://<accountname>.happyfox.com/saml/callback/. If you only need to authenticate agent members, you can use https://<accountname>.happyfox.com/staff/saml/callback/.
  4. SPNameQualifier (optional) attribute of NameID should be https://<accountname>.happyfox.com/saml/client-metadata/. If you only need to authenticate agent members, you can use https://<accountname>.happyfox.com/saml/metadata/
  5. The NameID format should be urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. This email address is used to match and/or create the agent or contact as necessary in HappyFox. With this attribute, the name and email ID of the user will be pulled in from the SAML identity provider into HappyFox. 

 

 
Feedback
3 out of 7 found this helpful

scroll to top icon