
SAML SSO (beta)

You must contact Huntress Support to enable SAML for your account and expose the settings in your Huntress Dashboard. Please review the Current Limitations section of this page before continuing.

Single Sign-On (SSO) can be configured with any compatible SAML 2.0 identity provider (Google Apps, Okta, Duo, Microsoft 365/Azure AD, AuthPoint, etc.) and will allow Huntress Account users to log in without needing a separate username and password.

Current Limitations

  • You may need to enter your email twice (once on the Huntress SSO page and once on your corporate logon page)
  • Users must still accept the Huntress invitation and create a local password before using SSO. 
  • You cannot disable local Huntress logins
  • If you are using Huntress 2FA, you must still enter the prompt after logging in via SSO (we're working out the kinks on allowing partners to disable 2FA when it's being used through a SAML provider, but still maintain 2FA enforcement for local logins). 
  • Users will need to be added individually to Huntress. Huntress will not inherit all users from your SAML provider. If a user from your organization tries to log in and they are not in the Huntress list, they will be provided with a "username/password invalid" error from Huntress.
  • SAML SSO is only supported for Account-level logins; it is not supported at the Organization level.
  • In order to sign in using SSO, you'll need to go to https://huntress.io/sso
  • You will need to enter your email address at least once (at huntress.io/sso) for us to pass to your IdP
    • Huntress does not currently do tenant-based login, so we need you to enter your email to perform a "lookup" to send you to the current identity provider (IdP) 

Links to SAML Setups for Common Providers

Follow the links below on manually creating a SAML app in your provider.




Manual Configuration

Your SAML provider must pass over "emailaddress" as the email address used to log into Huntress. 

Huntress Single Sign On (SSO) login should be compatible with all SAMLv2 providers. Below is the minimum information you will need to configure your SAML SSO integration with Huntress. 

Identifier: https://huntress.io/sso/metadata
Reply URL: https://huntress.io/sso/auth
Sign on URL: https://huntress.io/sso

On the Huntress side, you will need to paste the base64 certificate including its beginning and closing statements.

Attribute Mapping

If you are using a provider other than Microsoft Azure (such as Duo), you may need to configure some additional attribute mappings.

NameID Attribute Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

SAML Response Attribute                                            Identity Provider Attribute
NameID                                                             <Email Address>
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname    <First Name>
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname      <Last Name>
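
A pre-flight check for the settings above, as an added example that is not Huntress code: it inspects a base64-decoded SAML response captured from your IdP's test login and reports where it differs from the Identifier, Reply URL, NameID format and attribute names listed on this page. The function name `preflight`, the constructed sample response and the mapping of Identifier to Audience and Reply URL to Recipient (standard SAML 2.0 usage) are assumptions; which of these Huntress itself rejects is not documented here, and the script does not verify the signature.

```python
import xml.etree.ElementTree as ET

# Values copied from the Manual Configuration and Attribute Mapping sections.
SP_ENTITY_ID = "https://huntress.io/sso/metadata"   # Identifier
SP_ACS_URL = "https://huntress.io/sso/auth"         # Reply URL
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_ATTRS = (CLAIMS + "givenname", CLAIMS + "surname")
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def preflight(xml_text):
    """Return the mismatches between a decoded SAML response and this page's settings."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD/entity declarations are not expected in a SAML response"]
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_FORMAT:
        problems.append("NameID Format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    conf = root.find(".//a:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != SP_ACS_URL:
        problems.append("Recipient is not the Reply URL")
    audiences = [e.text for e in root.findall(".//a:AudienceRestriction/a:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not contain the Identifier")
    sent = {a.get("Name"): a.findtext("a:AttributeValue", "", NS)
            for a in root.findall(".//a:AttributeStatement/a:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not sent.get(name, "").strip():
            problems.append("missing attribute " + name)
    return problems

# Constructed sample: wrong NameID format and no surname attribute (signature omitted).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://huntress.io/sso/auth">
 <saml:Assertion>
  <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://huntress.io/sso/auth"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://huntress.io/sso/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)) or "response matches the documented settings")
```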

Add your provider to Huntress

  1. Head over to your account settings. 
  2. Click "Setup SAML SSO" (if you are missing the SAML settings, please contact Huntress Support)
  3. Enter the following information provided by your SAML provider:
    1. SSO Service [provider] URL
    2. Entity ID (URL)
    3. [base64] Certificate
      1. You must paste the entire base64 certificate including the "BEGIN CERTIFICATE" and "END CERTIFICATE" statements.
  4. This is what you should see in your account settings page after saving:

Troubleshooting

If you run into any problems, please contact Support.

If you would like to contribute screenshots and setup information for products other than Microsoft Azure and Duo, please submit them to cameron.granger@huntress.io.
