
Setting Up Single Sign-on (SAML) for Your Organization


Note: You will likely need help from your IT team to complete the SSO setup. The person assisting must have Admin access to the HRA Console to view and configure SSO settings.

💡 Learn more about managing user permissions

To begin setup, click the gear icon in the upper-right corner of the screen and select SSO from the dropdown menu.

SSO-dashboard

Once you have accessed the SSO set-up screens, complete the following steps:

Steps 1 & 2: Add & Verify Your Domain

Add a DNS CNAME Record for your domain.

Click the +Add Domain button to get started.

SSO-add domain

Next, enter your domain name into the field and click Continue.

SSO1

Copy the Host Name and Destination provided to you in the HRA Console for your CNAME record, and then click the Verify Domain button.

SSO2


Step 3: Configure Your SSO Identity Provider

  • For specific instructions to set up Okta as your SSO provider, click here
  • For specific instructions to set up Microsoft 365 as your SSO provider, click here

Okta Setup Guide

After domain verification, you will be brought to this page within the HRA Console:

sso-screen

The two values at the top of the page (Login Callback URL and Entity ID) should be copied to this screen in Okta:

okta-1

  1. Copy Login Callback URL to Single sign-on URL

  2. Copy Entity ID to Audience URI (SP Entity ID)

  3. Change Application username to Email

Next, from this screen in Okta, copy the Metadata URL:

 

okta-2

 

 

  1. Open this URL in your browser, then CMD+S / Ctrl+S to save the file as an .xml file.

  2. From the HRA Console, click Upload File and select the file you just saved. This should populate the three fields below the Upload File button.

  3. Upon submitting the page, SSO will be enabled in testing mode.
    Jump to Step 4: Test Your SSO


Microsoft 365 Setup Guide

After domain verification, you will be brought to this page within the HRA Console:

sso-screen

The two values at the top of the page (Login Callback URL and Entity ID) should be copied to this screen in Microsoft 365:

MS365

  1. Copy Login Callback URL to Reply URL (Assertion Consumer Service URL)

  2. Copy Entity ID to Identity (Entity ID)

Note: The Attributes & Claims section can remain set to the default values.


Next, download the Metadata URL: 

  1. Download the App Federation Metadata URL from Microsoft 365 (see section 3 in the screenshot above)
  2. Open this URL in your browser, then CMD+S / Ctrl+S to save the file as a .xml file.

  3. From the HRA Console, click Upload File and select the file you just saved. This should populate the three fields below the Upload File button.

  4. Upon submitting the page, SSO will be enabled in testing mode.
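Before uploading the metadata file saved in the Okta or Microsoft 365 steps above, it can be checked locally. The following is an added example, not Unlock Health's code: it assumes the upload reads the IdP entity ID, sign-on URL and signing certificate that SAML metadata normally carries (the page does not name the three fields), and the function name and sample document are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata; the entity ID, URL and certificate bytes are made up.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml/abc123">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQgc2FtcGxlIGNlcnRpZmljYXRlIGJ5dGVz</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/abc123/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_text):
    """Return (fields, problems) for a saved IdP metadata document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Typical when the browser saved a rendered HTML page instead of the raw XML.
        return {}, [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return {}, [f"root element is {root.tag}, not md:EntityDescriptor"]
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return {}, ["no IDPSSODescriptor: this is not identity provider metadata"]
    problems = []
    sso = idp.find("md:SingleSignOnService", NS)
    sso_url = sso.get("Location", "") if sso is not None else ""
    if not sso_url.startswith("https://"):
        problems.append("SSO URL missing or not HTTPS")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a missing "use" covers signing too
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        problems.append("no signing certificate")
    fields = {"entity_id": root.get("entityID", ""), "sso_url": sso_url,
              "cert_sha256": fingerprints}
    return fields, problems
```

Comparing the returned SHA-256 fingerprint with the signing certificate shown in the identity provider's admin screen confirms that the saved file is the one the provider actually issued.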


Step 4: Test Your SSO

After configuring SSO, you'll have the opportunity to test it before activating it for your organization.

When testing is complete, click Disable Test Mode to enable SSO for all users in your verified domain. To add more domains, simply repeat the setup process for each one.

SSO-test

 



If you need any help navigating the HRA Management Console or have features you wish to see added, don’t hesitate to contact your Client Success representative!

Email: hrasupport@unlockhealthnow.com