8000 Update single-sign-on-sso-via-saml.md · beingmoin/docs.hackerone.com@4b74ee4 · GitHub
[go: up one dir, main page]
Skip to content

Commit 4b74ee4

Browse files
stacyspivastacyspiva
authored
Update single-sign-on-sso-via-saml.md
1 parent 3a28177 commit 4b74ee4

File tree

1 file changed

+23
-12
lines changed

1 file changed

+23
-12
lines changed

docs/programs/single-sign-on-sso-via-saml.md

Lines changed: 23 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -96,16 +96,27 @@ When the primary certificate isn't used anymore, you can promote the alternative
9696

9797
### Changing Identity Providers
9898

99-
On occasion, you need to switch your identity provider. In order to provide a more seamless self service configuration, we suggest following the following steps:
100-
101-
1. Be sure to record the information from your prior identity provider configuration
102-
2. Preconfigure your new identity provider with HackerOne information
103-
3. Go to **Program Settings > General > Authentication**.
104-
> **Note:** Steps 4 - 7 will make your SAML authentications temporarily unavailable, be sure to communicate this to the program members as needed
105-
4. Disable your current configuration by clicking "Disable SAML"
106-
5. When prompted uncheck the "Send password reset to affected users"
99+
If you need to change your identity provider at any time, to provide a more seamless self-service configuration, you can follow these steps:
100+
101+
1. Copy this information from your prior identity provider configuration:
102+
103+
Field | Details
104+
------ | ------
105+
Domain | The domain for users that was required to use SAML authentication.
106+
Single Sign On URL | The URL from your SAML provider to initiate a single sign-on attempt, sometimes called the login URL.
107+
X509 Certificate | The certificate from your SAML provider to verify the single sign-on response.
108+
109+
2. Preconfigure your new identity provider on your provider's site with information from HackerOne. Depending on your provider, you may need HackerOne's metadata endpoint and ACS URL. You can find that along with other helpful information [here](sso-faqs.html).
110+
* If you're using [Google](google-sso-saml-setup.html), [Okta](okta-sso-saml-setup.html), or [OneLogin](onelogin-sso-saml-setup.html), you can use the resources on our docs site for configuring those identity providers (more links are at the top of this page).
111+
112+
3. Go to **Program Settings > General > Authentication** in HackerOne.
113+
> **Note:** Steps 4 - 7 will make your SAML authentications temporarily unavailable. Be sure to communicate this to your program members as needed.
114+
4. Disable your current configuration by clicking **Yes, disable SAML**.
115+
5. Uncheck the check box for **Send password reset emails to affected users."
107116
![SAML Disable modal](./images/saml-disable-modal.png)
108-
6. Re-configure your SAML configuration with the new identity provider information, run a test and verify the settings
109-
7. When enabling SAML for your setup again, indicate to NOT notify users
110-
![SAML Enable modal](./images/saml-enable-modal.png)
111-
8. If at anytime testing doesn't work or you encounter issues, revert to the recorded information for the prior identity provider
117+
6. Re-configure your SAML configuration with the new identity provider information by following steps 1-12 [here](single-sign-on-sso-via-saml.html#set-up).
118+
7. Make sure the checkbox for *Notify existing users that SAML is enabled** is unchecked when the **Enable SAML** window pops up.
119+
8. Click **Enable**.
120+
![SAML Enable modal](./images/saml-enable-modal.png)
121+
122+
If at anytime testing doesn't work or you encounter issues, revert to the recorded information for the prior identity provider.

0 commit comments

Comments
 (0)
0