(Automated) configuration Single-Sign on (SSO) ADFS


#1

Hello, we would like to use HubSpot SSO for our HubSpot instance:

Our IT requirements are as follows:

Requirements ADFS (SAML2) SSO for Webservices:

ADFS configuration Metadata XML file must be available online via URL.
The Metadata XML must contain the configuration parameters and certificate for the external ADFS (SAML2) Endpoint.
Auto configure via Metadata URL must be supported.
As the Unique ID we will provide the Emailadress of the User. (forename.surname@company.com)
The Provider will get a Metadata URL from us to configure their systems automatically.

Manual ADFS Configuration is not supported, because of the complexity and error-proneness.
ADFS is an authentication service, we will not provide any additional user data.

How can we set up SSO in this framework?


#3

Hi @folked, all of HubSpot's requirements for SSO are detailed here: https://knowledge.hubspot.com/articles/kcs_article/account/can-i-use-single-sign-on-sso-with-hubspot.

Is there anything in particular that you're curious about with the SSO process? I'm not quite sure what your question is. If you're hung up on a particular step in the process described in the article, I'd be happy to further explain.


#4

Hi @Connor_Barley, I sent the HubSpot requirements you referred, to our IT department and got their requirements as a response. My question is if we can realize SSO at all under these circumstances?
Perhaps I need to connect our IT with a HubSpot developer, as I am not an expert in this regard. Can you help?


#5

Hi @folked, it sounds like you want a way to be able to send us a metadata URL that auto configures your SSO environment. If I’m understanding and if that is the case, that is not supported. Currently the only supported AD FS configuration is explained in it’s entirety here:

If your team has gone through this article already and it doesn't sound like your system will be compatible, then your setup likely will not be possible within HubSpot.