Using SAML for Single Sign On

HappyFox provides Secure Assertion Markup Language (SAML), which allows you to provide single sign-on (SSO) for your HappyFox account using identity providers such as Active Directory, Onelogin, Okta, Smartsignin or a SAML compatible app that you host on your own. Single sign-on using SAML is available on Mighty plan and above. 

HappyFox allows you to use SAML to authenticate and log in both staff and contacts. 

HappyFox needs the following information to be entered in our SAML Integration page (https://<accountname>.happyfox.com/staff/manage/integrations/auth/saml)

  1. The URL to be redirected to when someone clicks on the Login with SAML button in HappyFox (SSO Target URL)
  2. The SAML certificate from your SAML server. X.509 certificates are supported and should be in PEM format. 

 

The SAML server might require the following information: 

  1. The Access Consumer Service (ACS) URL is https://<accountname>.happyfox.com/saml/callback/. If you only need to authenticate staff members, you can use https://<accountname>.happyfox.com/staff/saml/callback/. 

  2. The NameID format should be urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. This email address is used to match and/or create the staff or contact as necessary in HappyFox. With this attribute, the name and email ID of the user will be pulled in from the SAML identity provider into HappyFox. 

  • 515
  • 03-Oct-2018
  • 3619 Views