How to configure SSO for Highfive

Highfive Admin users on the Standard or Professional plan can enable SSO, or single sign-on, which allows your users to login to Highfive with an identity management solution you've already set up. This article will help you configure SSO.

Which providers do you support? 

At this time, we support SSO integration with Okta, OneLogin, Centrify, and Custom SAML 2.0.

In the near future, we will rollout support for more providers. Highfive will use the secure and widely adopted industry standard Security Assertion Markup Language (SAML). Our implementation of SSO will then integrate easily with any large identity provider that supports SAML. Highfive will also use SAML 2.0, so you will be able to use SSO with any SAML-supported identity provider, or create your own SSO implementation. 

Have questions about an additional provider? Send us an email at help@highfive.com

Where do I configure SSO for Highfive? 

In your Domain Dashboard, click on Authentication, and go through the configuration process. 

What information will I need to provide to Highfive to configure SSO?
 
You'll need three pieces of information: your SAML provider URL, your SAML provider issuer, and your SAML provider X.509 certificate. Different providers may call these items by a different name. 
 
What information will I need to provide to my identity provider to configure SSO?
 
You'll need to provide your Highfive SSO URL, which you can find in your Domain Dashboard. Additionally, you'll need to set up three custom attributes: user.firstName, user.lastName, and user.email. The custom attributes are case sensitive. 

How are people notified when SSO is enabled?

Once your company enables SSO for your company’s Highfive account, you should let your team know that they'll be redirected to your identity provider when logging into Highfive. After configuration, the next time a user attempts to login to Highfive, they'll be forced to use a login flow that goes through your identity provider. 

How does SSO work with two-step verification?

If your company has decided to make SSO a requirement, authentication will be determined by the identity provider they’ve chosen to use. Your company can always add more layers of security through the identity provider.

Any security features that Highfive itself provides, such as two-step verification, are no longer in effect because the identity provider now handles all aspects of authentication.

How do I disable SSO in Highfive?

Please refer to this article

Brian Hickey -

Still have questions?

We're here to help

Powered by Zendesk