For Google Workspace.

For Microsoft 365.

Question:

Which services can Single Sign-on with Access Control?

Answer:

It is supporting Google Workspace, Microsoft 365, and Salesforce.
*Salesforce can't sync account/password.

Besides, some other services satisfy conditions for coordination may support it.
Please confirm each service provider (SP), then try.

The single sign-on setting with the services which our company confirmed configuration at the following site (it is an external service of HENNGE management) is stated.
https://teachme.jp/r/hac
※ We are planning to add other services sequentially.

Conditions necessary for coordination
 - Support SAML2.0
 - NameIDFormat has to be「urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress」
 - Setting value of NameID is matched one of configuration on HENNGE Access Control. 
 - Use SP-Initiated SSO or IdP-Initiated SSO
 - Include "AssertionConsumerService URL" within SAML request if use SP-Initiated SSO.

We’ll show you Single Sign On setting values for main services.

Each setting values
 - Issuer
https://ap.ssso.hdems.com/portal/[user domain] 

 - IdP Certificate：
Download from Access Control Management Screen.
https://ap.ssso.hdems.com/admin/[user domain]
[Domain settings] > [Other settings] > [Server Certificate]

 - IdP Login URL：
https://ap.ssso.hdems.com/portal/[user domain]/login

 - IdP Logout URL：
https://ap.ssso.hdems.com/portal/[user domain]/logout

 - IdP Metadata
https://ap.ssso.hdems.com/saml/[user domain]/federationmetadata.xml
* If you need metadata registration on SP side, you can download from the URL above.