HubSpot Single Sign-On (SSO) using Keycloak as Identity Provider
HubSpot Single Sign-On (SSO) using Keycloak as Identity Provider
miniOrange HubSpot OAuth Single Sign-On (SSO) application enables secure login into HubSpot CMS landing pages, blogs and other pages using Keycloak as OAuth provider. It supports advanced Single Sign-On (SSO) features such as user profile Attribute mapping, etc.
Here we will go through a guide to configure SSO between HubSpot and Keycloak. By the end of this guide, users should be able to login to HubSpot from Keycloak. To know more about miniOrange HubSpot OAuth Single Sign-On plugin and other HubSpot Integrations, you can click here.
Feel free to contact us at hubspotsupport@xecurify.com to know more about how to install the miniOrange HubSpot OAuth Single Sign-On app.
Pre-requisites : Download And Installation
- Log into your HubSpot account as an admin.
- Click here to install miniOrange HubSpot OAuth Single Sign-On (SSO) app. Or you can install our app from HubSpot Marketplace .
Steps to configure HubSpot Single Sign-On (SSO) Login with Keycloak as Identity Provider
1. Setup Keycloak as OAuth Provider
- First of all, Download Keycloak and install it.
- Start the keycloak server based on your keycloak version. (See table below)
| For the Keycloak Version 17 and above |
Go to the Root Directory of keycloak bin kc.bat and run the below commands.
|
- Add Realm : Now login to Keycloak administration console and navigate to your desired realm. Click on master and then Create Realm button.
- Enter Realm Nameand click on Create button.
- Create OpenID client: Click on the Clients and choose Create Client to create a new client. Enter Client Id (It can be any character number, etc. Keep it handy as we will require it later while configuring miniOrange Single Sign-On app) and select client protocol openeid-connect and Click Next.
- Enable the Client Authentication and Authorization toggle and Click on next.
- In the Login settings and enter your Valid Redirect URL/Callback which you will get from your miniOrange Single-sign-on app present on your Client side under the CallBack URLs text field.
- Go to the Credentials tab, copy the Client Secret and keep it handy as we will require it later while configuring miniOrange Single Sign-On app.
- Add User: We need to add users to the realm who can perform SSO to get your HubSpot content. Click on the Users and Click on Create a new user to Add a new User.
- You can now create a user by filling out the required details and clicking the Create button.
- Now, go to Credentials to set up the password for the created user. Click on the Set Password button.
- Enter the password of your choice and click on the Save button.
2. Setup HubSpot as OAuth Client
- Install the miniOrange Single Sign-On (SSO) app on your HubSpot account and Click on Connect App.
- You will see the following screen where you need to fill in the require details ( Refer the below table).
- Click on Save button and then Test Configuration.
- After clicking the Test Configuration button, you will be redirected to Keycloak login page. Enter your Keycloak user credentials to login.
- After successful login, you will see the following screen.
| Client ID : | from the step 1 above |
| Client Secret : | from the step 1 above |
| Scope: | openid |
| Authorize Endpoint: | https://<keycloak domain>/realms/{realm-name}/protocol/openid-connect/auth |
| Access Token Endpoint: | https://<keycloak domain>/realms/{realm-name}/protocol/openid-connect/token |
| Get User Info Endpoint: | https://<keycloak domain>/realms/{realm-name}/protocol/openid-connect/userinfo |
3. Restrict public access to HubSpot website/ pages/ content (Landing Page or Blog)
Restricting access to your HubSpot website can help to protect your pages from unauthorized access. By restricting access, you can ensure that only authorized users can view and interact with your pages. This can be useful for protecting sensitive information. This will allow you to restrict access to your HubSpot pages / content as visitors will be needed to login first and then they will be able to access the HubSpot page. This will also help you to track your vistors and also generate potential leads.
- Go to Page Restriction tab, and here you will see your HubSpot pages.
- Select the checkbox next to the page you wish to protect from unauthorized users and click Save to save the information.
- Once you go to the page URL that you restricted, you will see the following screen and required to put in Login Credentials of your Identity Provider.
- Fill in the login credentials and click Login, you will be redirected to the website page successfully.
4. Track your visitors (Contact Sync)
- After a user logs in through the Single Sign-On feature, a contact will be created which includes his details that are received from the (Identity Provider) for the particular user.
- If you would like to sync the contact details, go to the Contact Sync tab and ensure the Enable Sync option has been enabled. Then map the Attribute Names from the OAuth provider.
- This can be very useful for generating leads, as it allows you to quickly and easily add new contacts to your HubSpot marketing and sales pipelines. By using contact sync, you can ensure that your HubSpot account is always up-to-date with the latest information about your leads and customers (site visitors), which can help you to more effectively target your marketing efforts and generate more qualified leads.
Additional Resources
- HubSpot Single Sign-On (SSO)
- Wordpress HubSpot Single Sign-On(SSO)
- AWS Cognito HubSpot Single Sign-On(SSO)
- HubSpot Security and API Integration
- Protect HubSpot knowledge base content
Need Help?
Mail us on hubspotsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.