1. What is SSO?

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials - for example, a name and password - to access multiple applications. SSO can be used by enterprises, smaller organizations and individuals to ease the management of various usernames and passwords.

In Howspace, SSO functions as an alternative method to manage access to workspaces and the Main User Dashboard.

Howspace SSO works with all SAML2 and OpenID compatible identity providers such as:

  • G Suite

  • Azure AD

  • OneLogin

  • Okta

  • Shibboleth

AppleID is also supported. If you are interested in setting up AppleID for your SSO solution, please contact support@howspace.com.

2. Enabling SSO for Howspace

The SSO feature in Howspace is enabled and configured on two levels: the customer-level configuration and the workspace-specific settings. The workspace-specific settings always override the default settings defined in the Main User Dashboard. SSO can be used in addition to the login links, or as the default login method.

Overview of the configuration and settings:

  1. On customer level (Main User Dashboard)

    1. SSO configuration (Multiple configurations can be added)

    2. Enabling SSO for Main User Dashboard

    3. Set default SSO settings for all workspaces

  2. On workspace level

    1. Select SSO configuration

    2. Enforce SSO login for specific domains

    3. Enable/disable automatic user creation

3. Configuring SSO in the Main User Dashboard

SSO configuration has to be done by a Main User. Instructions for SAML2.0, OpenID and Azure AD configurations are below.

3.1 SAML2.0

3.1.1 Go to Main User Dashboard

  • partner.howspace.com/[your_organization], or

  • Click Main User Dashboard in workspace menu

3.1.2 Add new configuration from Settings > Single Sign-On > Add SSO configuration > SAML2.0

Fill in the SSO configuration details generated by your identity provider.

Note: The Howspace SAML2 SSO configuration details needed by your identity provider, e.g. entityID, can be found by clicking the “View metadata” option under Actions next to an existing configuration.

3.2 OpenID

3.2.1 Go to Main User Dashboard

  • partner.howspace.com/[your_organization], or

  • Click Main User Dashboard in workspace menu

3.2.2 Add new configuration from Settings > Single Sign-On > Add SSO Configuration > OpenID Connect

3.2.3 Fill in the configuration details.

Example of provider URL format when configuring Azure OpenID:

  • Name in Azure: OpenID Connect metadata configuration

3.3 Azure AD

3.3.1 Go to Main User Dashboard

  • partner.howspace.com/[your_organization], or

  • Click Main User Dashboard in workspace menu

3.3.2 Add new configuration from Settings > Single Sign-On > Add SSO Configuration > Azure Active Directory

3.3.3 Name the configuration and add the tenant id of your Azure AD instance.

3.3.4 Enable the SSO login for a workspace and have an Azure admin user log in using the SSO option. When the user logs in, they will be prompted to allow the use of the application.

Multi-tenant Azure AD

Multi-tenant SSO configuration is supported. To configure multiple tenants, choose the multi-tenant option when adding the configuration. Include the tenant IDs of all instances.



Testing the configuration

From Settings > Main User Dashboard Access Control, enable Single Sign-On to main users.

NOTE: don’t disable the username/password login option without ensuring the functionality of the SSO Main User Dashboard login first.

Test your configuration by logging out of the Main User Dashboard and logging back in by clicking the “Login with SSO” button.

If the login didn’t work, please revise the configuration.

If you want to log in to the Main User Dashboard exclusively using SSO, you can disable the “Username and password login” option.

4. Enabling SSO by default to new workspaces

1. From Main User Dashboard, allow and enable SSO SAML2 from “Workspace default settings” and save

2. From “Login, registration and SSO” select “Users can login using Single Sign-On”

3. Choose your SSO provider

Now SSO login is enabled automatically to new workspaces.

5. Use cases

5.1 All invited users from Your Organization must login to workspaces using SSO, but people invited from outside Your Organization can login using login links

1. From the Main User Dashboard or from a workspace, go to Settings -> Login, registration and SSO

2. Add Your Organization domain to the “Enforce SSO for following emails” field

3. Enable “Users can login with login links”

4. Add the group of users to the workspace

Now invited users with a “mycompany.com” email address need to log in using SSO, but users from other domains can be invited to log in with login links.

5.2 SSO Registration

All users from Your Organization that have a valid SSO identity can log in to the workspace using SSO. If the users have not been added to the workspace, they will be registered automatically as participants based on their SSO identity information.

1. From the Main User Dashboard or from a workspace, go to Settings -> Login, registration and SSO

2. Add Your Organization email address to the “Enforce SSO for following emails” field

3. Enable “Create SSO-users automatically”

When the “Create SSO-users automatically” option is selected, users with SSO identities can add themselves to the workspace. Registration can be limited based on email address, domain, or specific claims that are defined in the SSO configuration. All limitation criteria that are added to this list have to be met by users in order to register.

Example: The domain mycompany.com is required along with a certain role that is defined in the SSO configuration. A user who wishes to register has to meet both conditions before being allowed to register.

5.3 All invited users must login to workspaces using SSO

1. From the Main User Dashboard or from a workspace, go to Settings -> Login, registration and SSO

2. Make sure that the “Create SSO-users automatically” is disabled

3. Make sure that the “Users can login with login links” is disabled

4. Add the group of users to the workspace

Now only the added users can access the workspace and they must login using SSO.
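The three use cases above can be checked as a small decision model before changing workspace settings. This is an added example, not Howspace code: the `Workspace` fields, the `decide` function, the limit tuples and the sample users are hypothetical names that mirror the settings described in 5.1 to 5.3, and it assumes an SSO configuration is already selected for the workspace.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workspace:
    members: frozenset = frozenset()              # users already added to the workspace
    enforce_sso_domains: frozenset = frozenset()  # "Enforce SSO for following emails"
    login_links: bool = False                     # "Users can login with login links"
    auto_create: bool = False                     # "Create SSO-users automatically"
    limits: tuple = ()                            # registration limits, ALL must match

def domain_of(email):
    # Exact domain after the last "@"; never use a suffix or substring test.
    return email.rsplit("@", 1)[-1].strip().lower()

def limit_met(limit, email, claims):
    kind, key, want = limit
    if kind == "domain":
        return domain_of(email) == want
    if kind == "email":
        return email.lower() == want
    if kind == "claim":
        have = claims.get(key, [])
        return want in (have if isinstance(have, list) else [have])
    return False  # unknown limit types fail closed

def decide(ws, email, method, claims=None):
    """Return 'allow', 'register' or 'deny' for one login attempt."""
    email, claims = email.strip().lower(), claims or {}
    member = email in ws.members
    if method == "login_link":
        enforced = domain_of(email) in ws.enforce_sso_domains
        return "allow" if ws.login_links and member and not enforced else "deny"
    if method == "sso":
        if member:
            return "allow"
        if ws.auto_create and all(limit_met(l, email, claims) for l in ws.limits):
            return "register"
    return "deny"

# Constructed sample workspaces for the three use cases (5.1, 5.2, 5.3).
UC51 = Workspace(members=frozenset({"alice@mycompany.com", "bob@partner.example"}),
                 enforce_sso_domains=frozenset({"mycompany.com"}), login_links=True)
UC52 = Workspace(enforce_sso_domains=frozenset({"mycompany.com"}), auto_create=True,
                 limits=(("domain", None, "mycompany.com"), ("claim", "role", "facilitator")))
UC53 = Workspace(members=frozenset({"alice@mycompany.com"}))
```

The lookalike address `eve@notmycompany.com` is denied registration in the 5.2 model because the domain is compared exactly; a suffix comparison would admit it.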
