Huntress - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Huntress using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Huntress, ensure you meet the following requirements:
- Huntress admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Huntress are registered in your IdP and have the necessary permissions to access Huntress.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
SAML SSO is only supported for Account-level logins, it is not supported on the Organization-level or Reseller-level. Organization/Reseller users will be required to use username and password.
Huntress - SSO configuration
Step 1 - Start SAML SSO Setup in Huntress
- Log in to your Huntress dashboard.
- In the top-right corner, click on the three horizontal lines (menu).
- Go to Settings.
- In the Single Sign-On section, click on Set up SAML SSO.
- A window will open asking for three fields to complete:
- SSO Service URL
- Entity ID URL
- Certificate
We will retrieve these values from Multi-Pass shortly.
Information Required from Huntress
Refer to Huntress's documentation (SAML SSO for the Huntress Portal). The values you will need for Multi-Pass are:
| Field | Value |
|---|---|
| Identifier | https://huntress.io/sso/metadata |
| Reply URL | https://huntress.io/sso/auth |
| Sign on URL | https://huntress.io/sso |
Step 2 - Configure Multi-Pass
- Open Multi-Pass Dashboard
- Select your tenant.
- In the left-hand menu, click on Advanced Console.
- Once redirected, click on Clients.
You have two options:
- Import Client using the Huntress metadata file.
- Manually create the client (described below).
Create a New Client Manually
- Click on Create Client and fill in the following fields:
| Field | Value |
|---|---|
| Client Type | SAML |
| Client ID | https://huntress.io/sso/metadata |
| Name | Huntress (or any name you prefer) |
| Description | e.g., Huntress SSO Integration |
| Always display in UI | ON |
- Click Next and configure the next fields
| Field | Value |
|---|---|
| Home URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/huntress |
| Valid Redirect URIs | https://huntress.io/sso/auth |
| Valid Post Logout Redirect URIs | (Optional - not mandatory for Huntress) |
| IDP-Initiated SSO URL Name | huntress |
- Click Save
- finalize the configuration, In the Settings tab under SAML Capabilities:
| Setting | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | ON |
- Under Signature and Encryption:
| Setting | Value |
|---|---|
| Sign Assertions | ON |
- Click Save and go on the Keys tab
- Ensure both options are set to OFF
- Go to the advanced tab
| Field | Value |
|---|---|
| Assertion Consumer Service POST Binding URL | https://huntress.io/sso/auth |
- Click Save
Retrieve the Certificate
- In the left-hand menu, click on Realm Settings.
- Go to the Keys tab.
- Locate the RS256 line.
- Click on Certificate and copy the full X.509 certificate (You will need this for Huntress.)
Finalize Setup in Huntress
Return to the Huntress configuration page and complete the fields:
| Field | Value |
|---|---|
| SSO Service URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
| Entity ID (URL) | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| Certificate | Paste the X.509 certificate between: -----BEGIN CERTIFICATE----- [certificate content] -----END CERTIFICATE----- |
- Click Save
If you want to remove the 2FA please follow the documentation provided by Huntress here
Related Articles
Rocket.chat - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Rocket.chat using MPAS. SSO simplifies user authentication by allowing access to multiple ...Wrike - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Wrike using MPAS. SSO simplifies user authentication by allowing access to multiple ...Blumira - SSO Configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Blumira using MPAS. SSO simplifies user authentication by allowing access to multiple ...Calendly - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Calendly using MPAS. SSO simplifies user authentication by allowing access to multiple ...Salesforce - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Salesforce using MPAS. SSO simplifies user authentication by allowing access to multiple ...