Home Pricing Self-hosted docs API docs Login

Overview

Setting up SSO access to your Hava account

PreviousSSO/SAML NextAzure AD - SAML Setup

Last updated 1 year ago

Was this helpful?

Overview

Setting up SSO access to your Hava account

You can use SSO to protect access to your organisation's data in Hava. Hava currently supports SAML and OIDC providers.

Adding a Provider

To configure SSO for your account you must be an account owner. Head over to Account Settings and select SSO Config to get started. At the moment Hava supports custom SAML and OIDC providers, but platform specific apps will be available soon.

For instructions on setting up your provider you can see the following pages:

Enabling a Provider

Once you’ve configured your provider your team members will still be able to login to your account with their standard user and password, as well as the SSO provider. This allows you to test and update the details, or remove them if they are no longer required.

Once you have defined your configuration you can enable your provider - this will prevent users accessing your account unless they are logged in via your SSO provider.

Once a provider is enabled all users will need to login through your IDP to access your account, except for the account owner. If you need to modify or delete your configuration you will first need to disable the provider.

Disabling and Deleting SSO

If you no longer require a configured SSO provider, or you’d like to move to a new one, you can delete your existing configuration. Your provider must be disabled for the delete option to appear.

Once your SSO provider is removed your team members will once again be able to access your account through password login.

FAQ

Do you support auto-provisioning?

Not at this time. Any users you wish to use SSO must be first invited to a team in your account. Once they accept the invite they will be able to access your account.

What happens if a user leaves the company?

You will need to make sure they are removed from all teams in your account. If they are no longer in your SSO IDP they will not be able to login via SSO to access your account as well.

Can we use multiple SSO providers?

At the moment Hava only supports a single IDP per account, but we are looking to add support for more in future.

Can I import my groups from my IDP?

Teams must be created in Hava and users assigned manually at this time.

I can’t see the Single Sign On option in my account