This guide tells you to how to enable Single Sign-On (SAML) and automatic user provisioning (SCIM) between Hoxhunt and OneLogin.
- Single Sign-On allows your employees to login to e.g. Hoxhunt Dashboard at https://game.hoxhunt.com and Admin portal at https://admin.hoxhunt.com/.
- Automatic user provisioning creates users to Hoxhunt and keeps their user data up to date. Provisioning service also deactivates users who are unassigned from the OneLogin application or are deactivated in OneLogin.
NOTE: Setting up SSO is optional. Single Sign-On is not required to report emails with Hoxhunt button. If you don't wish to configure SSO, employees can log in to Hoxhunt App via Magic Links.
NOTE: Setting up SCIM is optional. If you don't wish to configure SCIM, you can manage your Hoxhunt users via Hoxhunt Admin Portal.
The OneLogin/Hoxhunt SAML integration currently supports the following features:
- IdP-initiated SSO
- SP-initiated SSO
The OneLogin/Hoxhunt SCIM integration currently supports the following features:
Update user attributes
Before you start
Before you start configuring OneLogin, make sure you meet the following technical requirements:
you have an OneLogin account with admin privileges
you have Admin access to Hoxhunt in order to gather necessary setup information (if you don't have access, please reach out to your Onboarding Manager or Hoxhunt Support)
In addition, configuration is easier if you:
- make sure you know which users you will give access to the application.
- check which employees already have an account in Hoxhunt. You can utilise Data Inspector or ask Hoxhunt Support to provide a full user list. You may also identify users who have already left your company or shouldn't be part of Hoxhunt anymore.
After you are finished
After you have completed OneLogin configuration for SSO and/or SCIM, please check the following:
- make sure the provisioned user data meets your expectations, and all user attributes are properly mapped between OneLogin and Hoxhunt. Adjust if necessary.
- double-check you don't have users in Hoxhunt who are outside of OneLogin provisioning. Correct as necessary.
- double-check you haven't provisioned unwanted users (e.g. technical accounts) to Hoxhunt. Adjust your assignments as necessary.
Installing Hoxhunt OneLogin application
Login to OneLogin admin interface.
Go to the Applications and select Add App.
Search and select Hoxhunt.
Configure OneLogin SSO
- Go to Single Sign-On in Hoxhunt Admin Portal.
- Copy the ACS Url (Entity ID).
- Go to Configuration page in the Hoxhunt OneLogin application.
- Enter the ACS Url (Entity ID) you retrieved from Hoxhunt Admin Portal and add it to the SAML Consumer (ACS) URL field in OneLogin.
- Go to SSO page in the Hoxhunt OneLogin application.
- Click View Details under X.509 Certificate.
- Copy the X.509 Certificate.
- Go back to Single Sign-On in Hoxhunt Admin Portal.
- Paste the X.509 certificate to Public certificate field.
- Copy the SAML 2.0 Endpoint (HTTP) URL from OneLogin SSO page
- Paste the URL to SAML 2.0 endpoint (HTTP) field in Hoxhunt Admin.
12. Toggle Enable Single Sign-on and click Save.
13. Go to Access page in Hoxhunt OneLogin application and grant access to required user roles.
Test SSO integration
You can now test SSO by any of the following methods:
- by clicking Test SSO integration button in Single Sign-On page in the Admin Portal.
- by logging in to Hoxhunt via https://game.hoxhunt.com with a Incognito/InPrivate browser window.
- by accessing Hoxhunt OneLogin app through the OneLogin apps (only if made visible to your employees).
Configure OneLogin automatic user provisioning (SCIM)
1. Go to Automated user provisioning in Hoxhunt Admin Portal.
2. Retrieve the SCIM token by clicking Generate new token.
3. A warning will appear, letting you know that the token you are generating will replace the existing one. If this is your first time setting up SCIM for Hoxhunt, you can ignore this message.
4. Copy the SCIM authentication token from the Hoxhunt Admin Portal.
IMPORTANT: Once generated, the token cannot be seen on the page anymore. If for any reason you lose your SCIM token, you must generate a new one. Hoxhunt cannot retrieve the current SCIM token for you.
5. Go back to Hoxhunt OneLogin application and navigate to Configuration page. Paste the SCIM authentication token to SCIM Bearer Token and enable API connection.
6. Go to Parameters tab and check that you have desired source values set for country and department. You can also change source values for other attributes if needed.
7. Go to Provisioning page and check Enable provisioning. Deselect Require admin approval before this action is performed for Create user, Delete user and Update user operations unless you want to approve every action.
8. Go to Access page and grant access to required user roles.
9. Go to Users page and check that users are provisioned and you don't see any errors. Check results also via Hoxhunt Admin portal.