miniOrange HubSpot OAuth Single Sign-On (SSO) application enables secure login into HubSpot CMS landing pages, blogs
and other pages using Keycloak as OAuth provider. It supports advanced Single Sign-On (SSO) features such as user
profile Attribute mapping, etc.
Here we will go through a guide to configure SSO between HubSpot and Keycloak. By the end of this guide, users
should be able to login to HubSpot from Keycloak. To know more about miniOrange HubSpot OAuth Single Sign-On plugin
and other HubSpot Integrations, you can
click here.
Feel free to contact us at hubspotsupport@xecurify.com to know more about how to install the miniOrange HubSpot OAuth
Single Sign-On app.
Pre-requisites : Download And Installation
- Log into your HubSpot account as an admin.
- Click here to install
miniOrange HubSpot OAuth Single Sign-On (SSO) app. Or you can install our app from HubSpot Marketplace .
Steps to configure HubSpot
Single Sign-On (SSO) Login with Keycloak as Identity Provider
1. Setup
Keycloak as OAuth Provider
- First of all, Download Keycloak and install it.
- Start the keycloak server based on your keycloak version. (See table below)
For the Keycloak Version 17 and above |
Go to the Root Directory of keycloak bin kc.bat and run the below commands.
1. kc.bat build
2. kc.bat start-dev
|
- Add Realm : Now login to Keycloak administration console and navigate to your desired realm. Click on master and then Create Realm button.
- Enter Realm Nameand click on Create button.
- Create OpenID client: Click on the Clients and choose Create Client to create a new client. Enter Client Id (It can be any character number, etc. Keep it handy as we will require it later while configuring miniOrange Single Sign-On app) and select client protocol openeid-connect and Click Next.
- Enable the Client Authentication and Authorization toggle and Click on next.
- In the Login settings and enter your Valid Redirect URL/Callback which you will get from your miniOrange Single-sign-on app present on your Client side under the CallBack URLs text field.
- Go to the Credentials tab, copy the Client Secret and keep it handy as we will require it later while configuring miniOrange Single Sign-On app.
- Add User: We need to add users to the realm who can perform SSO to get your HubSpot content. Click on the Users and Click on Create a new user to Add a new User.
- You can now create a user by filling out the required details and clicking the Create button.
- Now, go to Credentials to set up the password for the created user. Click on the Set Password button.
- Enter the password of your choice and click on the Save button.
2. Setup HubSpot
as OAuth Client
- Install the miniOrange Single Sign-On (SSO) app on your HubSpot account and Click on Connect App.
- You will see the following screen where you need to fill in the require details ( Refer the below table).
- Click on Save button and then Test Configuration.
Client ID : |
from the step 1 above |
Client Secret : |
from the step 1 above |
Scope: |
openid |
Authorize Endpoint: |
https://<keycloak domain>/realms/{realm-name}/protocol/openid-connect/auth |
Access Token Endpoint: |
https://<keycloak domain>/realms/{realm-name}/protocol/openid-connect/token |
Get User Info Endpoint: |
https://<keycloak domain>/realms/{realm-name}/protocol/openid-connect/userinfo |
- After clicking the Test Configuration button, you will be redirected to Keycloak login page. Enter your Keycloak user credentials to login.
- After successful login, you will see the following screen.
3. Restrict public access to HubSpot website/ pages/ content (Landing Page or Blog)
Restricting access to your HubSpot website can help to protect your pages from unauthorized access. By
restricting access, you can ensure that only authorized users can view and interact with your pages. This can be
useful for protecting sensitive information. This will allow you to restrict access to your HubSpot pages / content as visitors will be needed to login first and then they will be able to access the HubSpot page. This will also help you to track your vistors and also generate potential leads.
- Go to Page Restriction tab, and here you will see your HubSpot pages.
- Select the checkbox next to the page you wish to protect from unauthorized users and click Save to save the information.
- Once you go to the page URL that you restricted, you will see the following screen and required to put in Login Credentials of your Identity Provider.
- Fill in the login credentials and click Login, you will be redirected to the website page successfully.
- Go to you HubSpot dashboard and Click on CMS HUB Free -> Marketing ->Website and choose Webiste Page
or Blog. We have chosen Website Pages for this tutorial.
- Select the page on which you want to enable (Forced Authentication or SSO) and click the Edit button. Here
we have seleceted and HomePage.
- Goto Settings tab and scroll down to Advanced Settings. Copy the script that you see in Step 6 and
paste it inside the HTML section of Advanced Settings and click Publish button.
- Now, if you go to the page in which you included the script, you will see the following screen and required to put
in Login Credentials of your Identity Provider.
- Fill in the login credentials and click Login, you will be redirected to the website page successfully.
4. Track your
visitors (Contact Sync)
- After a user logs in through the Single Sign-On feature, a contact will be created which includes his
details that are received from the (Identity Provider) for the particular user.
- If you would like to sync the contact details, go to the Contact Sync tab and ensure the Enable Sync option has been enabled. Then map the Attribute Names from the OAuth provider.
- This can be very useful for generating leads, as it allows you to quickly and easily add new contacts to your
HubSpot marketing and sales pipelines. By using contact sync, you can ensure that your HubSpot account is always
up-to-date with the latest information about your leads and customers (site visitors), which can help you to more effectively
target your marketing efforts and generate more qualified leads.
Additional Resources
Need Help?
Mail us on hubspotsupport@xecurify.com for quick guidance(via
email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your
requirement.