Please note that “Portal Settings” access is restricted to Site Admins only.
SSO integration in CircleHD can be configured on your CircleHD Portal by going to Menu -> Portal Settings -> Single Sign On (SSO).
Introduction
Single sign-on (SSO) allows you to log in using your organization credentials. CircleHD SSO is based on SAML 2.0.
CircleHD acts as the Service Provider (SP), and offers automatic user provisioning. You do not need to register explicitly to be a user on CircleHD Portal. Once CircleHD receives a SAML response from the Identity Provider (IdP), it checks if this user exists.
If the user does not exist, CircleHD creates a user account automatically with the received name ID, provided this is enabled in Portal Security Settings.
CircleHD can also work with other Identity Providers such as PingOne, Okta, Centrify, Shibboleth, Gluu, OneLogin, Fugen, Symplified, and the ADFS 2.0 SAML implementation.
Steps to Integrate SSO with CircleHD
- First, log in to your CircleHD portal with your admin credentials and navigate to Portal Settings -> Single Sign On (SSO), which should be at https://<YOURDOMAIN>.circlehd.com/admin/sso
- Turn on the Enable Single Sign On switch.
- Provide the Metadata/Audience XML (https://<YOURDOMAIN>.circlehd.com/auth/saml2/metadata.xml) to your IT SSO Admin. The document contains information about the Audience system that allows your instance to verify that it is the intended recipient of a SAML response, and to generate the corresponding certificate to be used by CircleHD.
- Additionally, your organization's IT SSO Admin may ask for the following information and/or configurations:
  - App name: CircleHD
  - App logo: Download from https://static.circlehd.com/public/static/img/circlehd-logo.zip
  - Single sign on URL: https://<YOURDOMAIN>.circlehd.com/auth/saml2
  - Use this for Recipient URL and Destination URL: Yes
  - Audience URI (SP Entity ID): https://<YOURDOMAIN>.circlehd.com/
  - Default RelayState: Empty
  - Name ID format: EmailAddress
  - Application Username: Email
  - Response: Signed
  - Assertion Signature: Signed
  - Signature Algorithm: RSA-SHA256
  - Digest Algorithm: SHA256
  - Assertion Encryption: Unencrypted
  - Optional SAML Attributes (used for reporting)
    - fname: "<FIRST NAME>"
    - lname: "<LAST NAME>"
    - display_name: "<DISPLAY NAME>"
    - department: "<ORG/DEPARTMENT>"
    - function_name: "<JOB FUNCTION>"
    - manager: "<MANAGER EMAIL>"
    - cost_center: "<COST CENTER>"
    - rtd_chain: "<REPORTING CHAIN (separated by comma)>"
    - location: "<LOCATION>"
- Receive the following information from your IT SSO Admin to continue. This may be contained in the Identity Provider metadata XML file:
  - Login URL (Identity Provider Single Sign-On URL): Used to redirect the user when authentication is required.
  - Logout URL: (Optional) The destination for the user when logging out from CircleHD.
  - Certificate: X.509 public key certificate used to validate the response from your IdP.
- Fill in all the fields accordingly.
- Click on Save to save the SSO settings.
Test the integration
- Navigate to the sign-in test URL: https://<YOURDOMAIN>.circlehd.com/auth/saml2/signin
- Make sure you are able to log in to the CircleHD domain using your organization's SSO credentials.
- Test this integration from a different browser or Incognito mode.
- Make sure new users can log in from the test URL without having to be invited first.
- If any of the tests fail, you can try again by repeating the above steps. If the issue persists, please reach out to CircleHD Support at support@circlehd.com.
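When a test login fails, one way to narrow down the cause is to compare a captured, base64-decoded SAML response against the settings listed under Steps to Integrate SSO. The script below is an added example, not CircleHD's code: it checks structure only and does not verify the signature value, and the `yourdomain` tenant, `sample()` helper and sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def _alg(info, path):
    node = info.find(path, NS)
    return node.get("Algorithm") if node is not None else None

def check_response(xml_text, base):
    """List mismatches between a decoded SAML response and the SP settings."""
    root = ET.fromstring(xml_text)  # diagnostic use on a response you captured
    out = []
    if root.get("Destination") != base + "/auth/saml2":
        out.append("Destination is not the single sign-on URL")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:  # e.g. the IdP sent an EncryptedAssertion instead
        return out + ["no unencrypted Assertion in the response"]
    for label, node in (("Response", root), ("Assertion", assertion)):
        info = node.find("ds:Signature/ds:SignedInfo", NS)
        if info is None:
            out.append(label + " is not signed")
            continue
        if _alg(info, "ds:SignatureMethod") != RSA_SHA256:
            out.append(label + " signature algorithm is not RSA-SHA256")
        if _alg(info, "ds:Reference/ds:DigestMethod") != SHA256:
            out.append(label + " digest algorithm is not SHA256")
    aud = assertion.findtext("a:Conditions/a:AudienceRestriction/a:Audience", "", NS)
    if aud != base + "/":
        out.append("Audience is not the SP Entity ID")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL:
        out.append("NameID format is not EmailAddress")
    return out

def sample(base, sig_alg=RSA_SHA256, sign_assertion=True):
    # Constructed response for a placeholder tenant; carries no signature value.
    sig = ('<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="%s"/>'
           '<ds:Reference><ds:DigestMethod Algorithm="%s"/></ds:Reference>'
           '</ds:SignedInfo></ds:Signature>') % (sig_alg, SHA256)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}" '
            f'Destination="{base}/auth/saml2">{sig}<a:Assertion>'
            f'{sig if sign_assertion else ""}<a:Subject><a:NameID Format="{EMAIL}">'
            'user@example.com</a:NameID></a:Subject><a:Conditions><a:AudienceRestriction>'
            f'<a:Audience>{base}/</a:Audience></a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>')
```

An empty list from `check_response(xml, "https://yourdomain.circlehd.com")` means the response matches the listed settings structurally; each string returned names one setting to review with your IT SSO Admin.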
Activate SSO throughout the site
When the above steps and tests are successful, you have dual authentication mode turned on. Your users will automatically be provisioned when logging in via SSO. However, when they access a URL directly, they will be prompted to enter a password.
To activate SSO throughout the site, please contact CircleHD support at support@circlehd.com.
Help & Support
If you need help at any time during the process, you can send a request via https://www.circlehd.com/contactus/ or contact CircleHD support at support@circlehd.com.