Search Results :

×

Single Sign-On for HubSpot using Office365/Outlook as Identity Provider


With Single Sign-On for HubSpot , users can securely access HubSpot CMS landing pages, blogs, and other pages using Office365 / Outlook as OAuth provider. It supports advanced Single Sign-On (SSO) features, including attribute mapping for user profiles.

Here is a guide to setting up SSO between HubSpot and Office365 / Outlook. By the end of this guide, you should be able to log in to HubSpot from Office365 / Outlook. Click here to learn more about Single Sign-On for HubSpot and other HubSpot integrations.

Feel free to contact us at hubapps@xecurify.com to know more about how to install Single Sign-On for HubSpot.


Pre-requisites : Download And Installation


Steps to configure HubSpot Single Sign-On (SSO) Login with Office365 / Outlook as Identity Provider

Step 1: Setup Office365 / Outlook as OAuth Provider

  • Sign in to Azure portal.
  • Select Azure Active Directory.
  • Office365 / Outlook Single Sign-on (SSO) - Login
  • In the left-hand navigation panel, click the App registrations service, and click New registration.
  • Office365 / Outlook Single Sign-on (SSO) - App-Registration
  • Configure the following options to create a new application.
    • Enter a name for your application under the Name text field.
    • In supported account types, select 3rd option ‘Accounts in any organizational directory (for authenticating user with user flows).
    • In the Redirect URI section, select the Web application and enter the Callback URL from the miniOrange HubSpot OAuth app and save it under the Redirect URL textbox.
    • Click on the Register button to create your application.
    Azure AD B2C Single Sign-on (SSO) - Create
  • Azure AD assigns a unique Application ID to your application. The Application ID is your Client ID and the Directory ID is your Tenant ID, keep these values handy as you will need them to configure the miniOrange Single Sign-On (SSO) app.
  • Office365 / Outlook Single Sign-on (SSO) - Overview
  • Go to API permissions from the left navigaton panel and click on Add permissions. Then select Office 365.
  • Secure Access with Office 365 Single Sign-On (SSO)-Overview
  • Select permissions and click on Add Permissions button.
  • Secure Access with Office 365 Single Sign-On (SSO)-Request-api-permissions
  • Go to Certificates and Secrets from the left navigaton panel and click on New Client Secret. Enter description and expiration time and click on ADD option.
  • Office365 / Outlook Single Sign-on (SSO) - secret-Key
  • Copy the secret key "value" and keep the value handy it will be required later to configure Client Secret under the miniOrange Single Sign-On (SSO) app.
  • Office365 / Outlook Single Sign-on (SSO) - Secret-Key-2

You have successfully configured HubSpot SSO using Office 365/Outlook as an OAuth Provider, enabling users to login with their Office 365/Outlook login credentials to HubSpot. The HubSpot Single Sign-On solution provides improved security & user experience.


Step 2: Setup HubSpot as OAuth Client

  • Go to the miniOrange Single Sign-On (SSO) app and login with your credentials.
  • Choose your account by clicking on Choose Account button.
  • Enable  HubSpot Single Sign-On(SSO)  Login using AWS Cognito as Identity Provider
  • After that Click on the right icon for accessing the application.
  • Enable  HubSpot Single Sign-On(SSO)  Login using AWS Cognito as Identity Provider
  • Go to the miniOrange’s Single Sign On app dashboard and click on App Configurations tab.
  • Enable  Hubspot Single Sign-On(SSO)
  • Here, select your application and click on it. If your app is not present here you can create a custom OAuth 2.0 or OIDC (Open ID Connect protocol) app as per your provider's implementation.
  • Enable Hubspot Single Sign-On(SSO)
  • Enter the Login Button Text and copy the Callback URL to set up the Identity Provider ( Third Party App) you would like to authenticate with.
  • Enable Hubspot Single Sign-On(SSO)
  • To enable Single Sign-On (OAuth SSO), enter the Client ID, Client Secret, Scope, and allow Send in Header and Endpoints from Azure AD (refer to the below table).
  • Client ID Click Here
    Client Secret Click Here
    Scope openid profile email
    Header / Body Setting Enable the Send in Header parameter option
    Authorize Endpoint: https://login.microsoftonline.com/<tenant-id>/oauth2/authorize
    Access Token Endpoint: https://login.microsoftonline.com/<tenant-id>/oauth2/token
    Enable HubSpot Single Sign-On(SSO)  Login using Office365 / Outlook as Identity Provider
  • When you have filled out all the details, click the Save & Test Configuration button.
  • Enable HubSpot Single Sign-On(SSO) Login using Office365 / Outlook as Identity Provider
  • After successful login, you will see all the values returned by your Office365/Outlook to HubSpot in a test configuration table.
  • Enable HubSpot Single Sign-On(SSO) Login using Office365 / Outlook as Identity Provider
   Enable HubSpot Single Sign-On(SSO) Login using Office365 / Outlook as Identity Provider

Step 3: Configure Page Restriction into the HubSpot ( Website, Landing Pages, Blogs, Knowledge Base )

Our Page Restriction feature allows you to protect your HubSpot website from unauthorized access. It is useful for securing sensitive information. Using this method, you can restrict access to HubSpot pages/content. Visitors will need to sign in before accessing HubSpot pages.

  • After you have received the test configuration result, click on the Page Restriction tab.
  • Enable  Hubspot Single Sign-On(SSO)
  • Select the checkbox next to the page you wish to protect from unauthorized users and click Save to save the information.
  • Enable  Hubspot Single Sign-On(SSO)
  • Once you go to the page URL that you restricted, you will see the login window of your identity provider where you'll enter your credentials.
  • Enable  Hubspot Single Sign-On(SSO)  Login using Office365 / Outlook as Identity Provider
  • After logged in, you will be redirected successfully to the website page.
  • Enable  Hubspot Single Sign-On(SSO)  Login using Office365 / Outlook Identity Provider

Step 4: Configure Contact Sync in HubSpot

Contact synchronization is a powerful feature that enables seamless integration and synchronization of contact information between HubSpot and external platforms or applications. With Contact Sync, you can ensure that your customer data is up to date, accurate, and consistent across multiple systems, saving you time and eliminating manual data entry.


  • To sync the contact details, go to the APP Configurations tab and choose the provider you created.
  • Click on the Edit icon below the Contact Attribute Mapping option.
  • Enable  Hubspot Single Sign-On(SSO)  Login using Office365 / Outlook Identity Provider
  • You will see the HubSpot Contact Attributes and IDP Attributes option, Map your HubSpot contact attribute with a third-party application / IDP attribute received in the test configuration result. Additionally, if multiple attributes are required, you can add them using the Custom Attribute Mapping option.
  • Enable  Hubspot Single Sign-On(SSO)  Login using Office365 / Outlook Identity Provider
  Enable  Hubspot Single Sign-On(SSO)  Login using Office365 / Outlook Identity Provider
  • After adding all the attributes, make sure you have enabled the Contact sync option. Click on the Save button.
  • Enable  Hubspot Single Sign-On(SSO)  Login using Office365 / Outlook Identity Provider
  • You can now find the contact in HubSpot Contacts. This is a great way to generate leads, as it allows you to quickly and easily add new contacts to your HubSpot sales and marketing pipelines. Contact sync allows you to ensure that your HubSpot account is always updated with the latest information about your leads and customers (site visitors), which can help you generate more qualified leads.
  • Enable  Hubspot Single Sign-On(SSO)  Login using Office365 / Outlook Identity Provider

Step 5: How to uninstall our app from a HubSpot portal

  • To uninstall our app, go to your HubSpot account and click on Settings icon.
  • Enable  Hubspot Single Sign-On(SSO)
  • Go to Integrations and click on Connected Apps.
  • Enable  Hubspot Single Sign-On(SSO)
  • You will see the list of app, select our app and click on Actions button. And then click on Unistall option.
  • Enable  Hubspot Single Sign-On(SSO)
  • Type "uninstall" below to continue and click uninstall button.
  • Enable  Hubspot Single Sign-On(SSO)

Step 6: How to disconnect the app from HubSpot?

  • Go to the Page Restriction tab.
  • Enable  Hubspot Single Sign-On(SSO)
  • Deselect your HubSpot pages as shown in the screenshot below and click on the Save button. This will disconnect our app for SSO from your HubSpot portal.
  • Enable  Hubspot Single Sign-On(SSO)

Congratulations! You have successfully disconnected HubSpot Single Sign-On by miniOrange application.


Troubleshooting / FAQs

I get the following: {"status":"failed","message":"Error in fetching the token from the OAuth provider."}

  • Make sure you have checked one or both of the following checkboxes in the “HubSpot App configuration” setting.
  • If your IdP needs the credentials in the header, you will need to check the Header checkbox.
  • Save the configuration and then click test configuration.
  • If this does not solve your problem, you can try selecting both the Header and Body checkboxes.
  • Likewise, if your IdP needs the credentials in the body, you have to select the Body checkbox.
  • Once you have checked the appropriate checkboxes, you will get the attributes table in the test configuration window.

My test configuration was successful but when I try to log in I am stuck in a redirect loop.

There are a couple of reasons why this can happen:

1. Caching is enabled on the website.

When auto-redirect is enabled, the user is redirected to IDP login page and after logging in back to the main site but as caching is enables it redirects to the IDP login page hence a loop.

2. HTTP/HTTPS discrepancy:

This happens when HTTPS is not enforced on the site but is configured on IDP side with HTTPS URL.This can be solved by enforcing HTTPS on the site by defining a redirect rule in the .htaccess file or at the Apache level.

3. Cookie adulteration:

The cookie created by the plugin after logging in the user is altered by another plugin which causes the user to not log in WordPress site but the session is created on IDP.

Getting Error : ‘Invalid Response’

There can be 2 possibilities:

  1. Either your App supports OAuth 2.0 protocol and you’ve configured with OpenID Connect protocol and vice-versa. In this case, if you’ve configured the App using Custom OAuth2.0 App, reconfigure it with Custom OpenID Connect App and if you’ve configured the App using Custom OpenID Connect App, reconfigure it with Custom OAuth 2.0 App. It should fix this issue for you.
  2. If the above solution doesn’t work then the other possibility is your app/provider doesn’t follow the standard OAuth 2.0/ OpenID Connect protocol. In this case, get in touch with hubapps@xecurify.com with your app/provider request/response format documentation and technician will get back to you with a solution.

I am getting the error message "Invalid response received"

To fix this issue, please configure the correct Token and User info endpoint in the HubSpot SSO application endpoint table. You can confirm the correct format of the endponit from HERE.

Additional Resources


Need Help?

Mail us on hubapps@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com