SAML SSO (beta)
You must reach out to Huntress Support to enable SAML for your account and expose the settings in your Huntress Dashboard. Please review the current limitations section of this page before continuing.
Single Sign-On (SSO) can be configured with any compatible SAML 2.0 identity provider (Google Apps, Okta, Duo, Microsoft 365/Azure AD, AuthPoint, etc.) and will allow Huntress Account users to log in without needing a separate username and password.
- You may need to enter your email twice (once on the Huntress SSO page and once on your corporate logon page)
- Users must still accept the Huntress invitation and create a local password before using SSO.
- You cannot disable local Huntress logins
- If you are using Huntress 2FA, you must still enter the prompt after logging in via SSO (we're working out the kinks on allowing partners to disable 2FA when it's being used through a SAML provider, but still maintain 2FA enforcement for local logins).
- Users will need to be added individually to Huntress. Huntress will not 'inherit' all users from your SAML provider. If a user from your organization tries to log in and they are not in the Huntress list, they will be provided with a "username/password invalid" error from Huntress.
- SAML SSO is only supported for Account-level logins; it is not supported at the Organization level.
- In order to sign in using SSO, you'll need to go to https://huntress.io/sso
- You will need to enter your email address at least once (at huntress.io/sso) for us to pass to your IdP
- Huntress does not currently do tenant-based login, so we need you to enter your email to perform a "lookup" to send you to the current identity provider (IdP)
Links to SAML Setups for Common Providers
Follow the links below on manually creating a SAML app in your provider.
Your SAML provider must pass over "emailaddress" as the email address used to log into Huntress.
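A quick way to confirm this attribute mapping while troubleshooting, as an added example that is not Huntress code: it decodes a base64 `SAMLResponse` value captured from your own test login and checks that exactly one `emailaddress` value is present. The sample response is constructed, and treating a claim URI that ends in `/emailaddress` as a match is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (unsigned, minimal) standing in for a captured response.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="displayname">
      <saml:AttributeValue>J. Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""
SAMPLE_RESPONSE = base64.b64encode(SAMPLE_XML).decode()


def read_attributes(saml_response_b64):
    """Decode a POST-binding SAMLResponse into {attribute name: [values]}."""
    # Captured values are often line-wrapped; drop whitespace before decoding.
    xml_bytes = base64.b64decode("".join(saml_response_b64.split()), validate=True)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations do not belong in a SAML response")
    attrs = {}
    for attr in ET.fromstring(xml_bytes).iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs


def find_email(attrs):
    """Return the one emailaddress value, or raise saying what the IdP sent."""
    # Assumption: a claim URI ending in /emailaddress counts as "emailaddress".
    values = {v for name, vals in attrs.items() for v in vals
              if v and name.lower().rsplit("/", 1)[-1] == "emailaddress"}
    if len(values) != 1:
        raise LookupError("expected one emailaddress value, found %s; attributes sent: %s"
                          % (sorted(values), sorted(attrs)))
    return values.pop()


if __name__ == "__main__":
    print(find_email(read_attributes(SAMPLE_RESPONSE)))
```

The script only inspects attribute names and values to debug the mapping; it does not validate the response signature.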
Huntress Single Sign On (SSO) login should be compatible with all SAMLv2 providers. Below is the minimum information you will need to configure your SAML SSO integration with Huntress.
|Reply URL:||https://huntress.io/sso/auth|
|Sign on URL:||https://huntress.io/sso|
On the Huntress side, you will need to paste the base64 certificate including its beginning and closing statements.
If you are using a provider other than Microsoft Azure (such as Duo), you may need to do some additional Attribute mappings.
NameID Attribute Format:
|SAML Response Attribute||Identity Provider Attribute|
Add your provider to Huntress
- Head over to your account settings.
- Click "Setup SAML SSO" (if you are missing the SAML settings, please contact Huntress Support)
- Enter the following information provided by your SAML provider:
  - SSO Service [provider] URL
  - Entity ID (URL)
  - [base64] Certificate
    - You must paste the entire base64 certificate including the "BEGIN CERTIFICATE" and "END CERTIFICATE" statements.
- This is what you should see in your account settings page after saving:
If you would like to contribute screenshots and setup information for products other than Microsoft Azure and Duo, please submit them to email@example.com.