
Configure SAML SSO login

Hatica supports login via SAML providers. In general, the steps are:

  1. Create a SAML application in your provider admin console and provision users

  2. Add the relevant details in Hatica and enable login via SAML

Once you enable login via SAML, it becomes the only way to log in, and the previously used login via Email and OTP is disabled.

Azure

Create your Azure application: From your Azure Admin console, click Enterprise applications from the left navigation menu.

If your application is already created, choose it from the list and move to the Configure Application section.

If you haven't created a SAML application, click New application from the top to create a new application.

From the next screen, click Create your own application. Give your application a Name and click Create.

Configure Application

Select Single Sign On from the Manage section of your app and then SAML.

Click Edit on the Basic SAML Configuration section.

Enter the following highlighted values in the Basic SAML Configuration section on the next screen:

Identifier (Entity ID) - hatica

Reply URL (Assertion Consumer Service URL) - https://gw.hatica.io/api/oauth/saml

Click Save to save your changes.

Attribute Mapping

Click Edit on the Attributes & Claims section.

You have to configure the following attributes under the Attributes & Claims section:

| Name | Value |
| --- | --- |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.email |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.givenname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | user.userprincipalname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.surname |

Go to the SAML Signing Certificate section and download the Federation Metadata XML.

**Next steps:** You've successfully configured your custom SAML application for Azure AD SAML. At this stage, you can assign users to your application and start using it.

Azure AD FS

From your Azure Admin console, click Enterprise applications from the left navigation menu.

If your application is already created, choose it from the list and move to the Configure Application section.

From the next screen, click Create your own application. Give your application a Name and click Create.

Configure application

Select Single Sign On from the Manage section of your app and then SAML.

Click Edit on the Basic SAML Configuration section.

Enter the following highlighted values in the Basic SAML Configuration section on the next screen:

Identifier (Entity ID) - hatica

Reply URL (Assertion Consumer Service URL) - https://gw.hatica.io/api/oauth/saml

Click Save to save your changes.

Attribute Mapping

Click Edit on the Attributes & Claims section.

You have to configure the following attributes under the Attributes & Claims section:

| Name | Value |
| --- | --- |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.email |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.givenname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | user.userprincipalname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.surname |

Go to the SAML Signing Certificate section and download the Federation Metadata XML.

Next steps: You've successfully configured your custom SAML application for Azure AD SAML. At this stage, you can assign users to your application and start using it.
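The following added example (not Hatica's or Microsoft's code) checks a decoded SAML assertion from a test login against the values configured in the Azure and Azure AD FS sections above: the Entity ID as Audience, the Reply URL as Recipient, and the four claims. The helper names and the sample assertion are constructed for illustration, and the script only inspects content; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = {CLAIMS + n for n in ("emailaddress", "givenname", "name", "surname")}
# Values from the Basic SAML Configuration step on this page.
ENTITY_ID = "hatica"
ACS_URL = "https://gw.hatica.io/api/oauth/saml"

def check_assertion(xml_text):
    """List mismatches between a decoded assertion and this page's settings.
    Content inspection only: the signature is NOT verified here."""
    root = ET.fromstring(xml_text)
    a = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if a is None:
        return ["no Assertion element (encrypted or failed response?)"]
    problems = []
    audiences = {e.text.strip() for e in a.iterfind(".//saml:Audience", NS) if e.text}
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {sorted(audiences)} lacks {ENTITY_ID!r}")
    recipients = {e.get("Recipient")
                  for e in a.iterfind(".//saml:SubjectConfirmationData", NS)}
    if ACS_URL not in recipients:
        problems.append(f"Recipient is not {ACS_URL}")
    # A claim counts as present only if it carries a non-empty value.
    present = {
        at.get("Name") for at in a.iterfind(".//saml:Attribute", NS)
        if any((v.text or "").strip() for v in at.iterfind("saml:AttributeValue", NS))
    }
    for name in sorted(REQUIRED - present):
        problems.append(f"missing or empty claim: {name}")
    return problems

def sample_assertion(attrs, audience=ENTITY_ID, recipient=ACS_URL):
    """Build a constructed, unsigned assertion (hypothetical test input)."""
    body = "".join(
        f'<Attribute Name="{CLAIMS}{k}"><AttributeValue>{v}</AttributeValue></Attribute>'
        for k, v in attrs.items())
    return (f'<Assertion xmlns="{NS["saml"]}"><Subject><SubjectConfirmation>'
            f'<SubjectConfirmationData Recipient="{recipient}"/>'
            f'</SubjectConfirmation></Subject><Conditions><AudienceRestriction>'
            f'<Audience>{audience}</Audience></AudienceRestriction></Conditions>'
            f'<AttributeStatement>{body}</AttributeStatement></Assertion>')

if __name__ == "__main__":
    demo = {"emailaddress": "a@example.com", "givenname": "A", "name": "a@example.com"}
    for line in check_assertion(sample_assertion(demo)):
        print(line)  # reports the claim the constructed sample omits
```

An empty result means the IdP side matches the mapping; a missing claim usually points to an unset source attribute on the user object.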

Google SSO

From your Google Admin console, click Apps from the sidebar then click Web and mobile apps from the list.

If your application is already created, choose it from the list and move to the Configure Application section.

If you haven't created a SAML application, click Add custom SAML app from the menu.

Give your application an App name and click Continue.

Configure Application

From the next screen, click DOWNLOAD METADATA to download the metadata XML file, then click Continue.

Enter the following values in the Service provider details section:

Click Continue to save the configuration.

Attribute Mapping

Under the Attributes section, you have to configure the following attributes:

| App attributes | Google directory attributes |
| --- | --- |
| email | Primary email |
| firstName | First name |
| lastName | Last name |

After you have configured the attributes, click Finish to save the configuration.

From the next screen, click User access to configure the application to allow users to log in.

Check the ON for everyone checkbox and click Save.

Next steps: You've successfully configured your custom SAML application for Google SAML. At this stage, you can assign users to your application and start using it.

Okta SSO

From your Okta dashboard, select Applications from the main menu, then click the Create App Integration button.

Select SAML 2.0 as the sign-in method and then click Next.

Then name the application and optionally upload the logo.

Click the Next button to proceed to the SAML Settings page.

Configure Application

Populate the form with the values obtained from the Hatica SAML Single Sign-On setup page. They will look similar to the following:

Enter the following values in the Service provider details section:

Click Continue to save the configuration.

Attribute Mapping

Under the Attributes section, you have to configure the following attributes:

| App attributes | Okta attribute |
| --- | --- |
| id | user.id |
| email | user.email |
| firstName | user.firstName |
| lastName | user.lastName |

After you have configured the attributes, click Finish to save the configuration.

From the next screen, click User access to configure the application to allow users to log in.

On the next screen select I'm an Okta customer adding an internal app and click Finish.

From your application, click the Sign On tab and go to the SAML Signing Certificates section.

Click the Actions dropdown for the correct certificate and click View IdP metadata. A separate window will open with the metadata XML file, which you can copy to your clipboard.

Update Hatica SAML SSO Configuration

Go to the Hatica SAML Single Sign-On setup page. Paste in the IdP XML metadata (downloaded in the previous step), check the Enabled field, then click the Save button.

Next steps: You've successfully configured your custom SAML application for Okta SAML.

Test sign-in flow using incognito window


Be sure to stay signed in to the Hatica dashboard until you've verified the Okta sign-in flow from an incognito window.
Staying signed in to the dashboard will allow you to update the SAML settings or disable SAML SSO in the event of misconfiguration.