Integrate SAML 2.0 single sign-on (SSO)

The SAML 2.0 Single Sign-On integration allows your users to sign into an external system (like your company's intranet or platform) and automatically get authenticated into HowToo without needing to login separately.

This article will guide you through the set up of this integration.

Important: The learner must already have an account in the HowToo platform for authentication to succeed.
 

Authentication flow

The HowToo SAML 2.0 implementation supports IdP-initiated SSO. To do this:

1. The user logs in directly to their IdP portal.
2. The user selects the HowToo application from their available apps.
3. The IdP sends an authenticated SAML response to HowToo’s ACS endpoint.
4. HowToo verifies the response and grants access.

Integration requirements

HowToo provides the following details for your IdP configuration:

• Entity ID: https://api.howtoo.co/v1/auth/saml
• Assertion Consumer Service (ACS) URL: https://api.howtoo.co/v1/auth/saml/callback
• NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
• Binding: HTTP-POST
• Signature and encryption: Supported (RSA-SHA256)

Your IdP must be configured to send SAML assertions to HowToo using the above endpoints. The following are the mandatory attributes:

• siteURL: your company’s HowToo url
• email - maps to user's email in your IdP
• firstName - maps to user's first name in your IdP
• lastName - maps to user's last name in your IdP

Other IdP info required by HowToo:

• IdP Entity ID/Issuer name - this is a unique name for your SAML app in your IdP 
• IdP certificate

Configure SAML 2.0 SSO

Once integrated, Admins can now configure SAML SSO in HowToo. To do this:

1. Go to Settings > Dashboard > Integrations.
2. Locate SAML SSO from the available integrations, then select ‘Configure’.
3. Enter your IdP details.
4. Optionally enable user auto-provisioning and configure timing settings.
5. Save and test the configuration.

Customers will also be able to configure SP-initiated SSO:

1. The user navigates to the HowToo login page.
2. The user selects ‘Login via SSO’.
3. The user is redirected to the IdP for authentication.
4. Upon successful login, the IdP returns a signed SAML assertion to HowToo’s Assertion Consumer Service (ACS) endpoint.

HowToo then verifies the assertion and grants access.