Search Results :

×

HubSpot Single Sign-On (SSO) using Keycloak as Identity Provider

HubSpot Single Sign-On (SSO) using Keycloak as Identity Provider


miniOrange HubSpot OAuth Single Sign-On (SSO) application enables secure login into HubSpot CMS landing pages, blogs and other pages using Keycloak as OAuth provider. It supports advanced Single Sign-On (SSO) features such as user profile Attribute mapping, etc.

Here we will go through a guide to configure SSO between HubSpot and Keycloak. By the end of this guide, users should be able to login to HubSpot from Keycloak. To know more about miniOrange HubSpot OAuth Single Sign-On plugin and other HubSpot Integrations, you can click here.

Feel free to contact us at hubspotsupport@xecurify.com to know more about how to install the miniOrange HubSpot OAuth Single Sign-On app.


Pre-requisites : Download And Installation

  • Log into your HubSpot account as an admin.
  • Click here to install miniOrange HubSpot OAuth Single Sign-On (SSO) app. Or you can install our app from HubSpot Marketplace .

Steps to configure HubSpot Single Sign-On (SSO) Login with Keycloak as Identity Provider

1. Setup Keycloak as OAuth Provider

  • First of all, Download Keycloak and install it.
  • Start the keycloak server based on your keycloak version. (See table below)
  • For the Keycloak Version 17 and above

    Go to the Root Directory of keycloak bin kc.bat and run the below commands.
    1. kc.bat build
    2. kc.bat start-dev

  • Add Realm : Now login to Keycloak administration console and navigate to your desired realm. Click on master and then Create Realm button.
  • Keycloak Single Sign-On (SSO) - Keycloak OAuth - Add realm
  • Enter Realm Nameand click on Create button.
  • Keycloak Single Sign-On (SSO) - Keycloak OAuth - Create realm
  • Create OpenID client: Click on the Clients and choose Create Client to create a new client. Enter Client Id (It can be any character number, etc. Keep it handy as we will require it later while configuring miniOrange Single Sign-On app) and select client protocol openeid-connect and Click Next.
  • Keycloak Single Sign-On (SSO) - Keycloak OAuth - Create client Keycloak Single Sign-On (SSO) - Keycloak OAuth - Add client id
  • Enable the Client Authentication and Authorization toggle and Click on next.
  • Keycloak Single Sign-On (SSO) - Keycloak OAuth - Enable toggle
  • In the Login settings and enter your Valid Redirect URL/Callback which you will get from your miniOrange Single-sign-on app present on your Client side under the CallBack URLs text field.
  • Keycloak Single Sign-On (SSO) - Keycloak OAuth - callback url
  • Go to the Credentials tab, copy the Client Secret and keep it handy as we will require it later while configuring miniOrange Single Sign-On app.
  • Keycloak Single Sign-On (SSO) - Keycloak OAuth - Copy client secret
  • Add User: We need to add users to the realm who can perform SSO to get your HubSpot content. Click on the Users and Click on Create a new user to Add a new User.
  • Keycloak Single Sign-On (SSO) - Keycloak OAuth - Add user
  • You can now create a user by filling out the required details and clicking the Create button.
  • Keycloak Single Sign-On (SSO) - Keycloak OAuth - Add user
  • Now, go to Credentials to set up the password for the created user. Click on the Set Password button.
  • Keycloak Single Sign-On (SSO) - Keycloak OAuth - Add user
  • Enter the password of your choice and click on the Save button.
  • Keycloak Single Sign-On (SSO) - Keycloak OAuth - Add user

2. Setup HubSpot as OAuth Client

  • Install the miniOrange Single Sign-On (SSO) app on your HubSpot account and Click on Connect App.
  • Enable  HubSpot Single Sign-On(SSO)  Login using Keycloak as Identity Provider
  • You will see the following screen where you need to fill in the require details ( Refer the below table).
  • Click on Save button and then Test Configuration.
  • Client ID : from the step 1 above
    Client Secret : from the step 1 above
    Scope: openid
    Authorize Endpoint: https://<keycloak domain>/realms/{realm-name}/protocol/openid-connect/auth
    Access Token Endpoint: https://<keycloak domain>/realms/{realm-name}/protocol/openid-connect/token
    Get User Info Endpoint: https://<keycloak domain>/realms/{realm-name}/protocol/openid-connect/userinfo
    Enable  HubSpot Single Sign-On(SSO) Login using Keycloak as Identity Provider
  • After clicking the Test Configuration button, you will be redirected to Keycloak login page. Enter your Keycloak user credentials to login.
  • Enable  HubSpot Single Sign-On(SSO)  Login using Keycloak as Identity Provider
  • After successful login, you will see the following screen.
  • Enable  HubSpot Single Sign-On(SSO)  Login using Keycloak as Identity Provider

3. Restrict public access to HubSpot website/ pages/ content (Landing Page or Blog)

    Restricting access to your HubSpot website can help to protect your pages from unauthorized access. By restricting access, you can ensure that only authorized users can view and interact with your pages. This can be useful for protecting sensitive information. This will allow you to restrict access to your HubSpot pages / content as visitors will be needed to login first and then they will be able to access the HubSpot page. This will also help you to track your vistors and also generate potential leads.


  • Go to Page Restriction tab, and here you will see your HubSpot pages.
  • Enable  Hubspot Single Sign-On(SSO)  Login using Keycloak as Identity Provider
  • Select the checkbox next to the page you wish to protect from unauthorized users and click Save to save the information.
  • Enable  Hubspot Single Sign-On(SSO)  Login using Keycloak as Identity Provider
  • Once you go to the page URL that you restricted, you will see the following screen and required to put in Login Credentials of your Identity Provider.
  • Enable  HubSpot Single Sign-On(SSO)  Login using Keycloak as Identity Provider
  • Fill in the login credentials and click Login, you will be redirected to the website page successfully.
  • Enable  Hubspot Single Sign-On(SSO)  Login using Keycloak as Identity Provider

4. Track your visitors (Contact Sync)

  • After a user logs in through the Single Sign-On feature, a contact will be created which includes his details that are received from the (Identity Provider) for the particular user.
  • If you would like to sync the contact details, go to the Contact Sync tab and ensure the Enable Sync option has been enabled. Then map the Attribute Names from the OAuth provider.
  • Hubspot Contacts Page
  • This can be very useful for generating leads, as it allows you to quickly and easily add new contacts to your HubSpot marketing and sales pipelines. By using contact sync, you can ensure that your HubSpot account is always up-to-date with the latest information about your leads and customers (site visitors), which can help you to more effectively target your marketing efforts and generate more qualified leads.
  • Hubspot Contacts Page

Additional Resources


Need Help?

Mail us on hubspotsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.




Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com