You can set up SAML-based single sign-on (SSO), giving users access to Holaspirit through an identity provider (IDP) of your choice. This can only be done by an Administrator.
1. Enable SAML for your organization in Holaspirit
To enable SAML authentication, please follow these steps:
- Click on your profile icon at the bottom of the left-hand navigation menu
- Click Administration
- In the Settings section, click Authentication
- Toggle the switch on the right side to activate SAML
Once SAML is enabled, the page will show you the SAML metadata URL, with information that you need to set up your identity provider.
2. Configuring the identity provider
You can then set up a connection with your identity provider (IDP).
For MS Azure, you can read the documentation: https://azure.microsoft.com/en-us/documentation/articles/active-directory-enterprise-apps-manage-sso/
3. Configuring the Holaspirit connection
After that, you can configure your platform:
- Fill out the Issuer URL (also known as the SAML Entity ID), the SSO Endpoint (where you go to log in, also known as the SAML Single Sign-On Service URL), the SLO Endpoint (the URL used when you log out), and the Certificate (provided by your IDP; it must be in PEM format, as shown in the image below)
- Click Save
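Identity providers commonly publish their signing certificate as bare base64 inside their SAML metadata, while the Certificate field above requires PEM. The following added example (not Holaspirit's code; the function names and the sample blob are constructed for illustration) converts either form to PEM and returns a SHA-256 fingerprint to compare with the one shown in your IDP's console. It checks only the outer DER framing, not the full X.509 content.

```python
import base64
import binascii
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def der_length_ok(der: bytes) -> bool:
    """True if the blob is one DER SEQUENCE whose length covers every byte."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def normalize_idp_cert(text: str) -> tuple[str, str]:
    """Return (pem, sha256_fingerprint) for a PEM or bare-base64 certificate."""
    blocks = PEM_RE.findall(text)
    if len(blocks) > 1:
        raise ValueError("expected one certificate, found a chain")
    if not blocks and "-----" in text:
        raise ValueError("not a CERTIFICATE block (was a key pasted?)")
    body = blocks[0] if blocks else text
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from None
    if not der_length_ok(der):
        raise ValueError("truncated or padded: not a single DER structure")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    return ssl.DER_cert_to_PEM_cert(der), fingerprint


# Constructed stand-in with a certificate's outer DER framing (not a real cert).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()

if __name__ == "__main__":
    pem, fp = normalize_idp_cert(SAMPLE_B64)
    print(pem)
    print("SHA-256 fingerprint:", fp)
```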
For Okta users
In "Single Sign On URL", enter the ACS URL (it looks like: https://app.holaspirit.com/api/public/organizations/********/social/saml/acs)
In "Audience URI", enter the URL of the metadata.
In the settings of your app, in "General" > "SAML settings", be sure to add the following attribute statements: