For Google Workspace.
For Microsoft 365.
Question:
Which services can Single Sign-on with Access Control?
Answer:
It is supporting Google Workspace, Microsoft 365, and Salesforce.
*Salesforce can't sync account/password.
Besides, some other services satisfy conditions for coordination may support it.
Please confirm each service provider (SP), then try.
The single sign-on setting with the services which our company confirmed configuration at the following site (it is an external service of HENNGE management) is stated.
https://teachme.jp/r/hac
※ We are planning to add other services sequentially.
Conditions necessary for coordination
- Support SAML2.0
- NameIDFormat has to be「urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress」
- Setting value of NameID is matched one of configuration on HENNGE Access Control.
- Use SP-Initiated SSO or IdP-Initiated SSO
- Include "AssertionConsumerService URL" within SAML request if use SP-Initiated SSO.
We’ll show you Single Sign On setting values for main services.
Each setting values
- Issuer
https://ap.ssso.hdems.com/portal/[user domain]
- IdP Certificate:
Download from Access Control Management Screen.
https://ap.ssso.hdems.com/admin/[user domain]
[Domain settings] > [Other settings] > [Server Certificate]
- IdP Login URL:
https://ap.ssso.hdems.com/portal/[user domain]/login
- IdP Logout URL:
https://ap.ssso.hdems.com/portal/[user domain]/logout
- IdP Metadata
https://ap.ssso.hdems.com/saml/[user domain]/federationmetadata.xml
* If you need metadata registration on SP side, you can download from the URL above.