Hudu - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Hudu using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Hudu, ensure you meet the following requirements:
- Hudu admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Hudu are registered in your IdP and have the necessary permissions to access Hudu.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Hudu - SSO configuration
Activate SAML in Hudu
- Log in to your Hudu dashboard.
- In the top-right menu, click on Admin.
- From the Admin panel, select the Security tab.
- In the Authentication section at the top of the page, click on Configure next to SAML / SSO.
- You’ll arrive on the Enable Single Sign-On page.
- Toggle the switch to ON to activate SAML SSO.
- Below, you'll see configuration fields appear.You can optionally consult Hudu's official documentation by clicking Generic Provider.
Hudu Fields to Fill
| Field | Description |
|---|---|
| SAML Issuer URL | Provided by Multi-Pass |
| SAML Login Endpoint | Provided by Multi-Pass |
| SAML Logout Endpoint | Provided by Multi-Pass |
| SAML Fingerprint | Certificate fingerprint from Multi-Pass (SHA-256) |
| SAML Certificate | Public certificate from Multi-Pass |
| SAML ARN | Optional, leave empty if not needed |
| Exempt from SSO | Add users to bypass SSO (e.g., breakglass account) |
The information required above will be mentioned later in the documentation.
Configure Multi-Pass
- Go to Open Multi-Pass Deployment Dashboard
- Authenticate and select your deployment.
- Click on Integration > Applications, and locate the shortcut for Hudu.
- For a complete setup, click on Advanced Console in the left-hand menu.
- In the Advanced Console, click on Clients > Create Client.
- Fill in the following fields:
| Field | Value |
|---|---|
| Client Type | SAML |
| Client ID | Hudu domain (e.g., https://docs.mywebsite.com) |
| Name | hudu (or any name of your choice) |
| Description | e.g., SSO Integration |
| Always display in UI | ON |
- Click Next
- Make sure to complete the next fields correctly :
| Field | Value |
|---|---|
| Home URL | https://ca.auth.kzero.com/realms/Randintegration/protocol/saml/clients/hudu |
| Valid Redirect URIs | https://docs.mywebsite.com/saml/consume |
| IDP-Initiated SSO URL Name | hudu |
- Click on Save, you will be redirected on a new page with several tabs and fields.
- In the Settings tab, scroll to SAML Capabilities and configure:
| Setting | Value |
|---|---|
| Name ID Format | |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
| Other SAML options | OFF |
- In the Signature and Encryption section:
- Sign Documents: ON
- Click Save.
- In the Keys tab :
- Client Signature Required: OFF (both toggles should be OFF)
- Move to the Advanced Tab and complete the following field:
- Assertion Consumer Service POST Binding URL: https://docs.mywebsite.com/saml/consume
- Click Save again.
Get Metadata and Certificate from Multi-Pass
- In the left-side menu, click Realm Settings.
- Go to the Keys tab.
- Locate the RS256 line and click Certificate.
- A modal will open. Copy the certificate.
- Optionally, compute its SHA-256 fingerprint if required by Hudu.
Finalize Configuration in Hudu
- Return to your Hudu SAML configuration page, and fill in the following:
| Field | Value |
|---|---|
| SAML Issuer URL | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| SAML Login Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
| SAML Logout Endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
| SAML Fingerprint | SHA-256 fingerprint from the Multi-Pass certificate |
| SAML Certificate | The full X.509 certificate from MPAS, wrapped in:-----BEGIN CERTIFICATE-----[certificate]-----END CERTIFICATE----- |
- Click Save to apply the configuration.
Test the Passwordless Login
- Log out of your Hudu session.
- Go to your Hudu domain (e.g., https://docs.mywebsite.com).
- Try logging in via SSO — you should be redirected to Multi-Pass and receive a passwordless push notification.
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...HaloPSA - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for HaloPSA using MPAS. SSO simplifies user authentication by allowing access to multiple ...Auvik - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Auvik using MPAS. SSO simplifies user authentication by allowing access to multiple ...Huntress - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Huntress using MPAS. SSO simplifies user authentication by allowing access to multiple ...Addigy - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple ...