SAML SSO

Enterprise customers can set up SAML SSO to authenticate their team members. This allows team members to log in more easily and securely without needing to remember a separate password.

How it works

After you enable SAML SSO for your domain, any user with an email address from that domain will be able to log in using your identiy provider.

• Hyvor Talk - Team members can be added as moderators and admins to moderate websites. Note that user-facing SSO (ex: for commenting) works differently in Hyvor Talk. See Hyvor Talk SSO.
• Hyvor Blogs - Team members can be added as authors, editors, etc. in blogs for writing, editing, and publishing articles.

Prerequisites

• You must have an Enteprise account. If you don't have one, see our enterprise offering.
• You must have a SAML 2.0 identity provider (IdP).
• You must have a verified domain. This maybe handled by our team in the Enterprise onboarding process.

SAML Configuration

You can configure SAML SSO in the Enterprise settings page.

• Click the "Update SAML Configuration" button.
• Enter the SAML Metadata URL provided by your identity provider, and click Fetch.
• Verify the configuration details and click Configure.

Alternatively, you can manually enter the SAML configuration details.

Authentication (Login & Signup)

To log in or sign up using SAML SSO, users must click the "Log in with SSO" button on the login page and enter their work email address.

Then, they will be redirected to your identity provider's login page. Once SAML authentication is successful, they will be logged in to Hyvor. If the user doesn't have an account in Hyvor, a new account will be created automatically.

Force SAML SSO

You can force users to log in users SAML SSO. When you enable this option, users will not be able to use other login methods (email/password, etc.) to log in to HYVOR.

You can find this option in the Enterprise settings page. Make sure that SAML login is working properly before enabling this option.