How to set up Single Sign-on (SSO) using SAML?

HappySignals Analytics supports single sign-on (SSO) using the industry standard Secure Assertion Markup Language (SAML). The SSO support in Analytics enables an organisation to manage users using their own existing infrastructure such as Active Directory maintained by the organisation or using a identity management as a service provider (SaaS) such as OneLogin or Okta.

When SSO is enabled for an organisation HappySignals Analytics does not store any password information about the user, instead the organisation uses the SSO service to enable and disable access for their users. Analytics does however store limited information about the user, the first- and last name of the user as well as his or her email address, that is necessary for using the application. In addition to this, any data that the user has created in the application is also stored such as Reports or timeline notes.

HappySignals regularly maintains this data by removing any account that has not been used in the last 6 months. Removal deletes all information about the user and any private items the user may have created.

Setting up SAML based SSO

To configure SSO for your organisation follow these steps.

Information that your IT team needs from HappySignals

To set up the HappySignals application on your side your IT team will require the following details.

  1. The Access Consumer Service (ACS) URL for your instance.
  2. The Audience URI also known as SP Entity ID

Generally these can be formed from the instance URL by appending /sso/saml to the instance URL. If the instance URL is

https://acmecorp.emea.happysignals.com

Both the ACS and Audience URI will be

https://acmecorp.emea.happysignals.com/sso/saml

Additionally the SAML server needs to be configured to provide the first and last name of the user, as well as his or her email address. Please ask your IT team to provide these details in the following fields (SAML Attribute Statements)

Attribute name Description URI
firstName Users first name (given name) http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
lastName Users last name (family name) http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
email Email address of user http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

 

If you wish you can download these settings in an XML file and provide that you your IT team by appending /sso/saml/metadata to your instance URL

Information that your IT team needs to provide to HappySignals support

In order to configure SSO for an organisation we need two separate pieces of information provided by the IT team.

  1. The remote login URL for your SAML Server (Identity Provider) this may be referred to as the SAML Single Sign-On URL in some services.
  2. The signing certificate in X.509 format that the SAML Server uses to digitally sign login details that are passed back to HappySignals Analytics.

If you have a XML metadata file that will contain all the necessary details to set up on the HappySignals side, we're happy to receive that as well.