With HyperComply's support for different SAML IDP configurations, it’s easier than ever to let your team authenticate into HyperComply through your SAML IDP instead of the usual email and password combination.
Process description:
This article will allow organizations to configure Azure as their SAML IDP for HyperComply by creating the required HyperComply Azure “Enterprise Application”. Any user that logs into HyperComply via Azure after completing this process will have an account created for them (if they don’t already have an account).
Prerequisites:
- Access to Azure Admin Portal and ability to add/configure custom SAML apps
- Note: If you are experiencing issues accessing Azure, please contact your Azure Admin or CSM as HyperComply has limited access
- Admin access for HyperComply
- Reach out to your CSM if you are not able to access the SAML configuration page in step 1
Gathering materials/resources:
How to contact your CSM:
- Email your CSM directly
- If you are unsure who your CSM is, please contact HyperComply Support through our Support Request Portal here
Step-by-step instructions:
- Navigate to the HyperComply SAML configuration page by clicking here or by copying and pasting the URL below into your browser:
- https://app.hypercomply.com/settings/saml_config
- Copy the value of the “SAML ACS Endpoint” at the bottom of the screen
- Keep this tab open and complete the steps below; you will need to enter some values from OneLogin on this screen at the end of this process.
- Open a new tab and log into your Azure Admin Portal
- Navigate to the Azure Active Directory > Enterprise Applications settings page
- Click New Application and then Create your own application
- Name the new application according to your normal naming convention; we recommend HyperComply as best practice
- Select Integrate any other application you don’t find in the directory
- Click Create
- Navigate to Users and groups in the left pane and assign yourself as a user to test the integration
- Navigate to Single sign-on in the left pane and choose SAML
- Click Edit for the Basic SAML Configuration section
- Add the SAML ACS Endpoint value you copied from HyperComply into the “Identifier (Entity ID)” and check the Default checkbox next to this value.
- Note: If there is a default value in this field that was there when you opened the page, this can be deleted and replaced
- Also add the SAML ACS Endpoint value you copied from HyperComply into the “Reply URL (Assertion Consumer Service URL)”
- Click Save
- Under the SAML Signing Certificate section, copy the URL shown in the “App Federation Metadata URL” field
- Open the URL in a new tab; this will show a large XML document.
- Search for X509Certificate
- Copy the first value found into the “IDP Certificate” field in HyperComply
- Note: It should be roughly 1000 characters long
- Back on the Single sign-on screen, scroll down to Step 4 (‘Set up {application name}’).
- Copy the value marked as Login URL and paste it into the “IDP Endpoint URL” in HyperComply
- It should look something like:
‘https://login.microsoftonline.com/92977eee-c4e2-43ab-0000-90b900001843/saml2’
- Copy the value marked as Microsoft Entra Identifier and paste it into the “IDP Entity ID” field in HyperComply
- It should look something like:
‘https://sts.windows.net/92977eee-c4e2-43ab-0000-90b900001843/’
- Check the Enable SAML box in HyperComply and click Save
- In the final Test single sign-on with HyperComply section, click Test
- Select Sign in as current user and click Test Sign In
- You should be logged into HyperComply successfully
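This added example (not HyperComply's or Microsoft's own code) reads a saved copy of the App Federation Metadata XML and returns the three values the steps above paste into HyperComply, so they can be compared against what was entered by hand. It assumes the standard SAML 2.0 metadata layout; the sample XML, tenant ID and certificate blob are constructed placeholders, and the function name and the check that the first certificate is an IdP signing key are additions not described in the article.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: placeholder tenant ID and a fake base64 blob, not a real certificate.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT = base64.b64encode(b"constructed-der-bytes" * 36).decode()
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{FAKE_CERT[:400]}
{FAKE_CERT[400:]}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def hypercomply_fields(metadata_xml):
    """Hypothetical helper: map metadata values to the HyperComply SAML form fields."""
    root = ET.fromstring(metadata_xml)
    # "First value found" when searching the document for X509Certificate.
    certs = ["".join(e.text.split()) for e in root.iter(f"{{{NS['ds']}}}X509Certificate")]
    idp = root.find("md:IDPSSODescriptor", NS)
    if not certs or idp is None:
        raise ValueError("metadata has no X509Certificate or no IDPSSODescriptor")
    signing = ["".join(e.text.split()) for e in idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if certs[0] not in signing:
        raise ValueError("first X509Certificate is not an IdP signing key")
    der = base64.b64decode(certs[0], validate=True)  # rejects stray characters from a bad paste
    sso = idp.find(f"md:SingleSignOnService[@Binding='{REDIRECT}']", NS)
    return {
        "IDP Certificate": certs[0],
        "IDP Endpoint URL": sso.get("Location"),
        "IDP Entity ID": root.get("entityID"),
        "sha256": hashlib.sha256(der).hexdigest(),  # fingerprint of the decoded bytes
    }
```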
Tips and best practices:
Use two monitors or side by side browser windows
Have one monitor display two browser windows open side by side to easily copy and paste information from Azure into HyperComply while the other monitor has this article open for instructions.
Additional information:
Allowing Azure users to log into HyperComply can be done by adding and removing Organizational Units to the SAML application through the Azure admin portal.
Disclaimer/Notes:
If there are any errors or incorrect information from within your Azure Admin portal, please speak to your Azure point of contact as HyperComply does not have the necessary access to adequately provide support.
If you have any further questions or troubles regarding your setup, submit a request to our team here.