How to set up Single Sign-on (SSO) using SAML?

With Single Sign-On, you and your colleagues can easily access HappySignals. Activating SSO is free—admins can do it from Settings.

HappySignals supports Single sign-on (SSO) using the industry-standard Secure Assertion Markup Language (SAML). This support enables an organization to manage HappySignals users using its existing infrastructure, such as an Active Directory maintained by the organization or an identity management service provider such as OneLogin or Okta.

Data and privacy with SSO activated

When SSO is activated for your organization, HappySignals does not store user password information. Instead, your organization uses the SSO service to restrict and allow your users access.

HappySignals does, however, store limited information about users that is necessary for using the application: first and last name, as well as email address. In addition, any data that users create on the platform, such as shortcuts or milestones, is also stored.

HappySignals regularly maintains this data by removing any account that has not been used in the last 6 months. Account removal deletes all information about the user and any private items the user may have created.

Setting up SAML-based SSO

Only users with a HappySignals Administrator role can set up SSO for the organization. If you are an admin, activate SSO by starting from Settings > SSO.

Information that your IT team needs to provide to HappySignals

To configure SSO for your organization, HappySignals needs to receive three pieces of information supplied by your IT team:

1. Entity ID: Unique identifier for your SAML server (Identity Provider)
2. Single Sign-on Service URL: The remote login URL for your SAML Server (Identity Provider), also known as the SAML Single Sign-On URL in some services.
3. Certificate: The signing certificate in X.509 format that the SAML Server uses to sign login details that are passed back to HappySignals digitally.

Alternatively, if you have a metadata XML file containing all the details above to set up SSO on the HappySignals side, simply upload the file using the button at the top right.

Information that your IT team needs from HappySignals

To set up SSO for HappySignals, your IT team will need the following details:

1. Entity ID: the Audience URI, also known as SP Entity ID
2. Assertion Consumer Service (ACS) URL for your instance

Generally, these can be formed by appending /sso/saml to your HappySignals instance URL. For example, if the instance URL is

https://acmecorp.emea.happysignals.com

Both the ACS and Audience URI will be

https://acmecorp.emea.happysignals.com/sso/saml

Additionally, the SAML server needs to be configured to provide the first and last name of the user, as well as their email address. Please ask your IT team to provide these details in the following fields (SAML Attribute Statements)

Attributes & Claims

Required and Additional Claims

Important Note: Ensure that the attribute names match exactly as shown above. Incorrect attribute names can lead to issues where user details do not populate correctly during SSO login.