This guide tells you how to configure Single Sign-On (SAML) in your Ping Identity tenant for Hoxhunt service.
- Single Sign-On allows your employees to login to e.g. Hoxhunt Dashboard at https://game.hoxhunt.com and Admin Portal at https://admin.hoxhunt.com/.
NOTE: Setting up SSO is optional. Single Sign-On is not required to report emails with Hoxhunt button. If you don't wish to configure SSO, employees can log in to Hoxhunt App via Magic Links.
1. Create Hoxhunt application on Ping side
- Log in to your PingIdentity environment and navigate to Applications > Applications in the left-hand side menu.
- Create a new application by clicking icon in the opening view.
-
Give your application a name, such as Hoxhunt SSO.
- Select the application type to be SAML Application.
- Click Configure.
-
On the SAML Configuration page select Manually Enter.
- Switch to Hoxhunt Admin Portal , and navigate to Settings > Single Sign-On > Identity providers.
- Click Add Provider button to start configuring a new provider.
- In the opening view, give your SSO provider a name, for example Ping.
- Make a note of the ACS Url (Entity ID) field above the provider name. (This is unique to your organisation's Hoxhunt tenant).
- Switch back to Ping, and paste ACS Url (Entity ID) to the ACS URLs and Entity ID fields.
- Click Save.
2. Configure Hoxhunt application on Ping side
This section will outline the required settings for the SAML Application.
- Jump to the Configuration page of the application you created earlier.
- Click on the icon to edit the newly created application.
- Change the SIGNING KEY settings to Sign Assertion & Response.
- Select the SUBJECT NAMEID FORMAT to be:
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- Save the changes by clicking Save.
3. Attribute mappings of the Hoxhunt application on Ping side
- Navigate to Attribute Mappings tab.
- Click on the icon to edit the newly created application.
- Add two new rows by clicking + Add.
- Enter the attribute mappings as shown in the picture and in the below table:
Attributes PingOne Mappings saml_subject Email Address firstName Given Name lastName Family Name
NOTE: The attribute which is mapped to saml_subject should match with the primary mail (SMTP) address of the user in your mail environment. - Save the settings by clicking Save.
4. Finalize the configuration
- Define the users who are allowed to log in via the Hoxhunt SSO Application, by navigating to the Access page of the application.
Note: This guide will not go into detail on specifying the membership details as this will vary from organization to organization.
- Turn on the application by using the toggle switch at the top-right hand corner.
- Move back to the Configuration page.
- Click Download Signing Certificate as X509 PEM (.crt) file.
- Copy the Single Signon Service URL.
- Move back to Hoxhunt Admin Portal Settings > Single Sign-On > Identity providers.
- Paste the Single Signon Service URL (from step 4.5.) to SAML 2.0 endpoint (HTTP) field.
- Open the signing certificate you downloaded (in step 4.4) with a text editor, copy the contents of the file and paste it to the Public certificate field.
- (OPTIONAL) Select if you want to use this provider as default for new email domains in Hoxhunt as well.
- Save the configuration by clicking Save.
- Set/Verify the newly created Ping Identity provider to be used for your current domains by moving to the Domain settings page in Hoxhunt Admin Portal.
- Select the newly created Identity provider configuration to be used.
Ping SSO has now been created and enabled for the selected domains.
5. Test the configuration
- Open a browser and navigate to game.hoxhunt.com or admin.hoxhunt.com.
- Log in using an address you configured for the SSO, and click Ping Sign In.
- You should now be forwarded to Ping Identity for signing in.
- After signing in, you'll be redirected back to Hoxhunt Dashboard or Hoxhunt Admin Portal.
Frequently asked questions
I enabled SSO but the configuration doesn't work, how can I sign back in?
You can sign in using the Hoxhunt add-in in your mail client as well, use the Go to dashboard button at the bottom of the add-in pane and you'll be moved to the game dashboard.
Move to the Admin Portal from the top-left hand corner.