HashiCorp Cloud Platform
Set up SAML SSO
This page describes the process to set up SAML integration for HCP single sign-on. You can configure HCP for either Okta OIDC or Okta SAML integrations. You can configure HCP for OIDC SSO with the following identity providers:
- Auth0
- AWS
- Azure Entra ID
- CyberArk
- Duo Security
- Google Cloud
- JumpCloud
- Okta
- OneLogin
- PingID
Prerequisites
To set up SSO, you must have admin permissions for your HCP organization. Refer to organizations for more information.
Verify domain
To prove ownership of a domain, you need a DNS TXT record that contains a secret verification value. HCP uses the domain to match the email addresses for SSO. You must use a different SSO domain for each HCP organization. If you try to reuse a domain name, the DNS connection request will fail.
To verify your domain:
- Copy the verification TXT record from the HCP SSO configuration to the DNS records of any email domains your organization uses.
- Return to the HCP Settings page and add your email address domains.
- Click Verify domains.
If the verification is successful, you can continue configuring SSO. If the request fails, your changes to the DNS records may not have propagated yet. Propagation can take up to 72 hours.
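The following shell helper is an added example, not part of the HCP documentation. It checks whether the verification TXT record is visible from several resolvers, which helps tell a propagation delay apart from a mistyped record. It assumes `dig` is installed; the function names, the default resolver list, and the sample record and value are illustrative, not HCP's own.

```shell
#!/bin/sh
# Usage: sh check_txt.sh DOMAIN EXPECTED_VALUE [RESOLVER...]
# EXPECTED_VALUE is the TXT value copied from the HCP SSO configuration page.

# normalize_txt: read `dig +short TXT` output on stdin, one record per line.
# dig prints a record as one or more quoted strings ("a" "b") because a single
# TXT string is limited to 255 bytes; join the pieces and drop the quotes.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_has_value EXPECTED: succeed only if a record on stdin equals EXPECTED
# exactly (a substring match would accept a truncated or padded record).
txt_has_value() {
    normalize_txt | grep -Fxq -- "$1"
}

# check_propagation DOMAIN EXPECTED [RESOLVER...]
# Query each resolver and report where the record is visible.
# Returns non-zero if any resolver does not see the record yet.
check_propagation() (
    domain=$1; expected=$2; shift 2
    # Default resolvers (assumption): Cloudflare, Google, Quad9.
    [ "$#" -gt 0 ] || set -- 1.1.1.1 8.8.8.8 9.9.9.9
    missing=0
    for r in "$@"; do
        if dig +short TXT "$domain" "@$r" | txt_has_value "$expected"; then
            echo "ok       $r"
        else
            echo "missing  $r"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
)

# Constructed sample of `dig +short TXT` output (not real records); the second
# record is split into two strings the way dig shows a long value.
SAMPLE='"v=spf1 include:_spf.example.com ~all"
"PLACEHOLDER-verification-" "value-0123456789abcdef"'
SAMPLE_VALUE='PLACEHOLDER-verification-value-0123456789abcdef'

if [ "$#" -ge 2 ]; then
    check_propagation "$@"
else
    printf '%s\n' "$SAMPLE" | txt_has_value "$SAMPLE_VALUE" && echo "sample record matches"
fi
```

Passing your domain's authoritative name servers as the resolver arguments shows whether the record is published at the source, as opposed to not yet refreshed in public caches.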
Enable SAML SSO for HCP
After your domain is verified, you can set up SAML SSO.
Initiate integration on HCP
- Log in to HCP and go to your organization.
- From your organization, click Organization settings.
- Click SSO. Then click Configure SSO for your organization.
- Select SAML.
- Copy the following values to enter into your identity provider:
  - SSO Sign-On URL
  - Entity ID
  - Email Attribute Assertion Name
Open a new tab in your web browser to continue the configuration with your preferred identity provider.
Configure Auth0
Follow the steps to manually configure Auth0 SSO integrations.
Enter the following values from HCP into your Auth0 environment.
- SSO Sign-On URL
- Entity ID
- Email Attribute Assertion Name
Continue integration on HCP
Return to HCP. Enter the following information from your identity provider.
- SAML IDP Single Sign-On URL
- SAML IDP Certificate
Complete SSO setup
- Assign a default organization role for users.
- Optionally, turn on Assign users an organization role.
- Click Save.
Now users can sign in to your HCP organization using an existing identity provider.