Hone Single Sign-On (SSO) Setup Guide

This guide explains how to enable single sign-on (SSO) for your team on the Hone platform. Single sign-on allows team members to access Hone by signing in to a central identity provider (IdP).

 

Before Getting Started

  • We recommend allowing everyone access to the Hone app. User features will be enabled upon receiving an invitation to enroll or membership activation.
    • Limiting user access to the Hone app can be done via the SSO setup page. Contact your IT department for assistance.
  • SSO will require learners to log in to their identity provider account in order to log in to Hone.
    • If users try to log in to Hone directly, they will be redirected to their identity provider's login page.
  • Hone does not support SCIM or OpenID Connect.
  • Hone supports the following:
    • SP-initiated SSO
      • Go to https://app.honehq.com/
      • Enter your email, then click Continue.
      • You will be redirected to log in to your Okta account.
    • IdP-initiated SSO
      • Sign in to your Okta account and click on the Hone app. You will automatically be logged in to the Hone website https://app.honehq.com/

 

Single Sign-On (SSO) Support

Hone supports SSO via SAML 2.0 and acts as a service provider (SP) for SSO. Your team must implement a federation service to act as an identity provider (IdP). See below for a list of IdPs Hone officially supports:

If your IdP is not included in the list above, SSO will work if it meets these requirements:

  • Must support SP-initiated SSO

  • Must support SAML 2.0

  • Name ID format must be email and the value must be the user’s primary email address.

  • Must include an additional email attribute set to the user’s primary email address.
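
A check for the Name ID and email attribute requirements above, as an added example (not Hone's code): it inspects a decoded SAML assertion captured from a test login and reports where it departs from them. The attribute name `email` follows the IdP sections of this guide; the helper `_assertion` and its sample values are constructed, and the script does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def _assertion(name_id_format, name_id, attrs):
    """Build a constructed, unsigned sample assertion (hypothetical helper)."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}" Version="2.0"><saml:Subject>'
            f'<saml:NameID Format="{name_id_format}">{name_id}</saml:NameID></saml:Subject>'
            f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement></saml:Assertion>')

def check_assertion(xml_text):
    """Return a list of problems; an empty list means the requirements are met.

    Intended for offline inspection of an assertion from your own IdP.
    """
    problems = []
    root = ET.fromstring(xml_text)
    # A SAML response wraps the assertion; accept either as the root element.
    is_assertion = root.tag == f"{{{NS['saml']}}}Assertion"
    assertion = root if is_assertion else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no SAML 2.0 assertion found"]
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        return ["Subject has no NameID"]
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    subject = name_id.text.strip()
    if "@" not in subject:
        problems.append("NameID value is not an email address")
    # Collect every value of the additional attribute named 'email'.
    emails = [v.text.strip()
              for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == "email"
              for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    if not emails:
        problems.append("no 'email' attribute in the assertion")
    elif any(e.casefold() != subject.casefold() for e in emails):
        problems.append("'email' attribute does not match NameID")
    return problems

if __name__ == "__main__":
    print(check_assertion(_assertion(EMAIL_FORMAT, "pat@example.com", {"email": "pat@example.com"})))
```
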

 

Google Workspaces

  1. Navigate to your custom SAML app and update user access to make the managed app available to select users, groups, or organizational units.

  2. Select service provider details and enter the SAML configuration using Hone’s metadata file.

  3. Ensure Name ID is using email format and the user’s primary email address.

  4. Select SAML attribute mapping and add a mapping from the user’s primary email to the email attribute.

  5. Navigate to the Hone SSO configuration section to continue. 

 

JumpCloud

  1. Navigate to your SSO page under User Authentication on the left-hand panel.

  2. Select custom SAML App and enter the SAML configuration using Hone’s metadata file on the SSO tab.

  3. While on the SSO tab, under the attributes section, add attribute mapping with the service provider attribute name value set to email and the JumpCloud attribute name set to email.

  4. While on the configure SAML step, update User Groups to make the managed app available to select users, groups, or organizational units.

  5. JumpCloud video walk-through: https://jumpcloud-1.wistia.com/medias/x8aajrzloo

  6. Navigate to the Hone SSO configuration section to continue.

 

Microsoft Entra ID

Configuration Steps


  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. Browse to Identity > Applications > Enterprise applications > New application.
  3. In the Add from the gallery section, type Hone in the search box.
  4. Select Hone from the results panel and then add the app. Wait a few seconds while the app is added to your tenant.
    1. Edit the attributes as follows so that Hone can authenticate the learner:
      1. Add an email claim with the value user.userprincipalname
      2. Ensure the User Unique Identifier is set to the value user.userprincipalname
  5. Navigate to the Hone SSO configuration section to continue.

Configure Microsoft Entra SSO

Follow these steps if you are having issues adding the Hone app from the Entra gallery.

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.

  2. Browse to Identity > Applications > Enterprise applications > Hone application integration page, find the Manage section and select Single sign-on.

  3. On the Select a Single sign-on method page, select SAML.

  4. On the Set up Single Sign-On with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.

  5. On the Basic SAML Configuration page, enter the values for the following fields: 

  6. On the Set up Single Sign-On with SAML page, click the pencil icon for Attributes & Claims to edit the settings.

    • Select the User Unique Identifier value and choose the following from the drop-down options:
      • Name identifier format is email address

      • Source attribute is user.userprincipalname

    • Add an email claim with the value user.userprincipalname

  7. Navigate to the Hone SSO configuration section to continue.

Click on this link for a step-by-step tutorial if you have any issues. 

 

Okta

Read this before you enable Okta SAML

Enabling SAML will affect all users who use this application, which means that users will not be able to sign in through their regular sign-in page. They will be able to access the app through the Okta service.

Hone supports the following:

  • SP-initiated SSO
    • Go to https://app.honehq.com/
    • Click 'Sign in' and enter your Email.
    • You will be redirected to log in to your Okta account.
  • IdP-initiated SSO
    • Sign in to your Okta account and click on the Hone app. You will automatically be logged in to the Hone website https://app.honehq.com/

Configuration Steps


  1. Sign in to Okta as the Admin.
  2. Select the Application > Application > Browse App Catalog > search and select Hone > click Add Integration
  3. Navigate to the Hone SSO configuration section to continue.
    • We recommend allowing everyone access to the Hone app. User features will be enabled upon receiving an invitation to enroll or membership activation.

Configure Okta SSO

Follow these steps if you are having issues adding the Hone app from the Okta catalog.

  1. Navigate to your SAML app integration and from the assignments tab, assign your application to people or groups.

  2. From the general tab, select edit SAML settings, navigate to the configure SAML step, and enter the SAML configuration using Hone’s metadata file.

  3. While on the configure SAML step, ensure Name ID is using email format and set the application username to Okta username.

  4. Under the attribute statements section, add an attribute with name set to email and value set to user.email

  5. Navigate to the Hone SSO configuration section to continue.

 

OneLogin

  1. Navigate to your custom SAML application and on the access tab, assign the policies and roles.

  2. Select the configuration tab and update the application details using Hone’s metadata file.

  3. Select the parameters tab and ensure the NameID field has a value set to Email.

  4. Add a new field named email, set the value to Email, and check the include in SAML assertion checkbox.

  5. Navigate to the Hone SSO configuration section to continue.

 

Hone SSO Configuration

After configuring your identity provider's SAML application, complete the configuration in Hone.

  1. Log in to the Admin platform.
  2. Select ‘Setting’, located at the top right corner next to your user icon. 
  3. Choose ‘Single Sign-On’ and input the following information from your metadata, then click ‘Save’. 


 

  4. Switch the Mode to ‘Optional’ and click ‘Save’. Test the configuration in step 5. If the testing is successful, switch the Mode to ‘Required’.

  • Setting the Mode to ‘Required’ will redirect all users to log in to Hone through their SSO login, bypassing our Hone authentication process. 


 

  5. Testing configuration:

    1. Using an incognito window, sign in to the Hone portal with the email associated with your SSO login.
    2. You will see an option to ‘Sign in with SSO’, which will redirect you to your SSO login page. 
    3. Log in to your SSO page, and it will redirect you back to the Hone portal. 
    4. If you are redirected to the Hone portal, you can update the Mode from ‘Optional’ to ‘Required’.

 

Pros & Cons of SSO

  • Pros:
    • SSO can improve security by centralizing authentication and reducing the number of exposed entry points.
    • SSO creates easier enforcement of security policies and compliance requirements across various applications.
    • Users only need to remember one set of login credentials to access multiple applications, enhancing user experience.
    • Simplifies user management as administrators can manage access to multiple applications from a single point, reducing administrative overhead.
  • Cons:
    • If the SSO system experiences downtime or a security breach, it could potentially lead to widespread access issues.
    • Setting up and maintaining an SSO system can be complex, requiring integration with various applications and identity providers. Without an IT team to manage it, this can be a burden and security risk.

Click on this link to complete the Admin Support Form and we'll be happy to help. 
