One of the SAML providers you can use is AzureAD.
In order to get started with AzureAD, you will need:
- Azure account with admin permissions.
- All users provisioned in Azure with exactly the same email address they use in Hudu. We don't create new user accounts with SSO.
- Administrator level access in Hudu.
- Microsoft Account with Azure AD Premium activated.
- Sign in to the Azure Portal (https://portal.azure.com/). Click Azure Active Directory.
- Click Enterprise Applications.
- Click + New Application to add a new application.
- On the next screen, click: Non-Gallery Application.
- Give the application a name like Hudu SSO. If you don't have Azure AD Premium, you won't be able to add a name. When you have named your application, click Add.
- Click Users and Groups and assign users to this application. Click + Add User to add users. Remember, users must have the same exact email address as their Hudu email to be signed in.
- Then, click Single sign-on to configure SSO. Click SAML.
Setting up Single Sign On
There are now 5 steps you need to complete to configure SSO.
Basic SAML Configuration
- Click the Pencil Icon next to Basic SAML Configuration.
- Enter the following in the fields:
- Identifier (Entity ID): Enter your Hudu URL, e.g. https://docs.mywebsite.com
- Reply URL (Assertion Consumer Service URL): Enter
- Sign on URL: Enter
- Relay State: You can skip filling this in.
- Logout URL: Enter a URL where Hudu can redirect users after they sign out.
- Make sure to replace docs.mywebsite.com with your own domain and subdomain. Do not put a trailing slash at the end of the URL.
User Attributes & Claims
- Click the Pencil Icon next to the User Attributes & Claims box.
- Click on Unique User Identifier (Name ID).
- Now, change the Source attribute to user.mail and click Save.
SAML Signing Certificate
- Click the Pencil Icon next to the SAML Signing Certificate box.
- Enter an email address to receive notifications and click Save.
Final Setup Instructions
Finally, click on the 4th box that says Set up <application-name>. Click on Step-by-step Instructions. Leave this page open as you configure Hudu.
The final step is configuring Hudu so you can utilize SSO.
- Log in to Hudu and click the Admin cog on the sidebar.
- Click General.
- Click Configure Single Sign-On.
- Enter the details you found in the previous steps into the form.
- Copy the Azure AD Identifier and paste it into the SAML Issuer URL field.
- Copy the SAML Single Sign-On Service URL and paste it into the SAML Login Endpoint field.
- Copy the Sign-Out URL and paste it into the SAML Logout Endpoint field.
- Copy the thumbprint that was generated and paste it into the SAML Fingerprint field.
- Download the Base 64 encoded certificate, copy its contents and paste them into the SAML Certificate field. Make sure there is no extra space trailing at the end!
- Click "Enable Single Sign-On".
- Hit "Update SAML Details" and SAML should now be activated.
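The values copied in the steps above can be checked before they are pasted into Hudu. The following is an added example, not part of Hudu or Azure: it flags a trailing slash on the Entity ID, trailing whitespace on the certificate, and a thumbprint that does not match the certificate (the thumbprint is the SHA-1 digest of the certificate's DER bytes). The function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed placeholder bytes standing in for a downloaded certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode("ascii")
    + "\n-----END CERTIFICATE-----"
)


def cert_der(pasted: str) -> bytes:
    """Decode the Base 64 certificate text exactly as it would be pasted."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pasted)
    # validate=True rejects characters outside the Base64 alphabet.
    return base64.b64decode("".join(body.split()), validate=True)


def cert_thumbprint(pasted: str) -> str:
    """SHA-1 thumbprint of the certificate's DER bytes, upper-case hex."""
    return hashlib.sha1(cert_der(pasted)).hexdigest().upper()


def preflight(entity_id: str, thumbprint: str, pasted_cert: str) -> list[str]:
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if entity_id.endswith("/"):
        problems.append("Entity ID has a trailing slash")
    if pasted_cert != pasted_cert.rstrip():
        problems.append("certificate has trailing whitespace")
    # Accept "AB:CD:..." and "ab cd ..." forms of the same thumbprint.
    normalized = re.sub(r"[\s:]", "", thumbprint).upper()
    try:
        actual = cert_thumbprint(pasted_cert)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("certificate is not valid Base64")
    else:
        if normalized != actual:
            problems.append("thumbprint does not match the certificate")
    return problems


if __name__ == "__main__":
    print(preflight("https://docs.mywebsite.com/", "00" * 20, SAMPLE_PEM + " "))
```

A mismatch between thumbprint and certificate usually means the two values were copied from different certificates, for example after a certificate rollover in Azure.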
Open an incognito window and try to access Hudu. You should be redirected to the login page, where you will see a "Use Single Sign On (SSO)" button. If you are able to log in successfully via this button, your SAML is working!
Disabling password access for non-administrators
You have the option to disable password logins for non-administrators (users that are not super admins or admins). Click "Disable Password Access for non-Admins" and all users below admin will have to use single sign-on.