HubSpot Single Sign-On (SSO) with Multiple Identity Providers (Multi Tenant)

The miniOrange HubSpot broker Single Sign-On(SSO) solution enables you to integrate HubSpot's enterprise inbuild Single Sign-On(SSO) features seamlessly with multiple Identity Providers (IDPs) or support multiple-tenants.

In this setup guide, we will configure HubSpot Enterprise Single Sign-On(SSO) with multiple identity provider(IDP)/multi-tenants. To know more about Single Sign On for HubSpot and other HubSpot Integrations, you can click here.

Feel free to contact us at hubapps@xecurify.com to know more about how to install the miniOrange Single Sign On for HubSpot app.

Pre-requisites : Download And Installation

• Log into your HubSpot account as an admin.
• Click here to install Single Sign-On for HubSpot by miniOrange or you can install our app from HubSpot App Marketplace.
• Once install go to our app and login with your credentials.
• Choose your account by clicking on Choose Account button.

• After that Click on the right icon for accessing the application.

Step 1: Configure Single Sign-On into the HubSpot pages

• Go to the miniOrange HubSpot App and click on the App Configurations tab.

• Here, select your Identity Provider. If your Identity Provider (IdP) is not present here you can select the Custom OAUTH 2.0 or OIDC (Open ID Connect protocol) app as per your provider's implementation.

• Enter the Login Button Text and copy the Callback URL to set up the Identity Provider ( Third Party App) you would like to authenticate with.

• Now, you require to enter IdP details that are provided by the Identity Provider.You need to enter the Client ID, Client secret, and Scope.You can enable Send in Header/ Send in Body according to your IdP.

• When you have filled out all the details, click the Save & Test Configuration button.

• On successful test, you will see the detailed User Profile by the IdP.

Step 2: Configure HubSpot Enterprise SSO

• To configure the HubSpot Enterprise SSO, go to the miniOrange HubSpot App and navigate to the HubSpot Enterprise SSO tab from the left sidebar.

• Now, we need to fill out the SP metadata shown in the above form and exchange the metadata from HubSpot.
• To get the Audience URI (Service Provider Entity ID) and Sign-on URL, ACS, Recipient, or Redirect, follow the below steps.
• Log in to your HubSpot account. In the sidebar, navigate to Website > Private Content.
• At the top of the page, select the domain for which you want to enable SSO.

• As soon as you choose the domain, you will see the below option to manage SSO appear

• Click on Manage SSO and select SAML for the security token format.

• You will get the Audience URI (Service Provider Entity ID) and Sign-on URL, ACS, Recipient, or Redirect from here.

• Copy both fields and paste them into the miniOrange Enterprise SSO form in the miniOrange HubSpot App.

• Now, select the IDP list (Configured OAuth/OIDC Application ) from the dropdown that you want to use for logging in.
• Here, you can select multiple IDPs, and the selected IDPs will reflect on the login page. If you have only one IDP configured, it will redirect you directly to the IDP login page.
• IDP List (Configured OAuth/OIDC Application):The IDP List is the same as what you have configured in the App Configuration tab.

• In the last step, On the switch, enable the SSO and click on the save button.

• As soon as you save the configuration, you will see the IDP metadata at the right of the screen.

• We need to copy that IDP metadata into your HubSpot Portal > Website > Private Content > Manage SSO.

• The verify button will be enabled when you fill out all the details.

• Click on the verify button You will see a pop-up window appear and it will take you to the login screen You will see a login page with multiple login options if you select multiple IDPs (selected/configured applications) in the miniOrange HubSpot App (HubSpot Enterprise Configuration).

• Otherwise, you will be directly redirected to the IDP login page in the case of a single IDP (selected/configured application), as shown in the below image.

• After successfully authenticating with the selected application, you will see the ‘SSO Setup Successful’ screen on the pop-up window.

Step 3: Test the Single Sign-On (SSO)

• To test the sso, Navigate to your HubSpot portal and open any of the pages you want to enable SSO.
• Click on the More button on the right side of the screen and select the Control audience access option there.

• Select the Single Sign-on (SSO) required option and save the setting.

• When you visit the page URL that you have secured with SSO, you will be directed to your identity provider's login window, where you will enter your credentials.

• After logging in, you will be redirected successfully to the HubSpot page.

Congratulations! You have successfully setup single sign-on using HubSpot broker with our HubSpot app.

Additional Resources

• Single Sign-On for HubSpot by miniOrange
• HubSpot Security and API Integration
• HubSpot Page Protection
• Restrict HubSpot Knowledge Base Content