Configuring Azure Active Directory SAML Single sign-on

Guide to configuring Azure Active Directory SAML Single sign-on on your HandsHQ account

Written by Michelle Kimbler
Updated over a week ago

This guide is for users looking to configure their Azure Active Directory identity provider with HandsHQ to enable SAML Single sign-on.


Configure Azure AD with HandsHQ

Add the HandsHQ app to Azure

Add HandsHQ to your Azure portal.

  1. Open Azure

  2. Select Enterprise applications

  3. Land on the All applications section

  4. Click New application ⇒ Create your own application

  5. Add the name of the application HandsHQ

  6. Choose Integrate any other application you don’t find in the gallery (non-gallery) ⇒ Create

Set up SAML SSO in HandsHQ

Next you'll need to set up SAML SSO in Settings ⇒ Single Sign-on.

Enable SSO on HandsHQ

  1. Open HandsHQ

  2. Select Settings at the top of the screen.

  3. In the Single Sign-on section, click Enable SAML SSO.

  4. Scroll down and change "Identity provider" to Azure Active Directory

If you cannot locate this, please contact your customer success manager to enable the feature.

Set up HandsHQ in Azure

  1. Copy Service provider metadata URL

  2. Return to Azure and select Single sign-on in the panel

  3. Select SAML from options

  4. Under Basic SAML Configuration, click Edit to make changes

  5. Paste the copied URL into Identifier (Entity ID) field

  6. Go back to HandsHQ and copy Service provider single sign-on URL

  7. Return to Azure and paste it into Reply URL (Assertion consumer service URL)

  8. Click Save at the top of the screen

| Field to copy from HandsHQ | Paste into equivalent field in Azure |
| --- | --- |
| Service provider metadata URL | Identifier (Entity ID) |
| Service provider single sign-on URL | Reply URL (Assertion consumer service URL) |

Set up attributes & claims in Azure

To ensure that HandsHQ can verify user information, you must set up the Attributes and Claims section in Azure. This also helps enable Just-in-time provisioning.

  1. In Azure, find the Attributes & Claims section

  2. Click Edit to set up both the Required and Additional claims exactly as per the screenshot below:

Attributes and claims must be configured. Make sure the claim name and values are set up exactly as per the screenshot above (even if just-in-time provisioning won't be used).

Tip: leave the "Namespace" section blank for each claim. You can do so by editing the claim and deleting the URL from here - make sure you save the changes.

Set up Azure in HandsHQ

  1. In Azure, find the SAML certificates section and copy App Federation Metadata Url

  2. Paste it into a new tab in your browser ⇒ Find X509 Certificate ⇒ Copy it

  3. Go back to HandsHQ and paste it into the Identity provider certificate field

    1. Note: make sure to delete the <X509Certificate> and </X509Certificate> tags from the start and end of the certificate

  4. Return to Azure ⇒ Find the Set up HandsHQ section ⇒ Copy Login Url field

  5. Go back to HandsHQ and paste it into Identity provider single sign-on URL field ⇒ Save changes

| Field to copy from Azure | Paste into equivalent field in HandsHQ |
| --- | --- |
| X509 Certificate (see above how to find it) | Identity provider certificate |
| Login URL | Identity provider single sign-on URL |
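
Copying the certificate out of the metadata XML by hand is the step where leftover tags, line breaks or the wrong certificate element most easily slip in. The script below is an added example, not part of the original guide or of HandsHQ: it reads SAML metadata, takes the signing certificate from the IDPSSODescriptor element only, strips tags and whitespace, and prints fingerprints to compare with the certificate thumbprint shown in Azure (assumed here to be a SHA-1 hex digest). The sample metadata, entity ID, login URL and certificate bytes are constructed placeholders; save the real metadata locally and pass its text instead.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-in bytes, NOT a real certificate; real metadata carries DER X.509 here.
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
# Constructed sample metadata (hypothetical entity ID and login URL).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/tenant-placeholder/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>
%s
      </X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/tenant-placeholder/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>""" % "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 32))


def idp_signing_certs(metadata_xml):
    """Return (login_url, certs) taken from the IDPSSODescriptor of SAML metadata."""
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # skip encryption-only keys
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join((node.text or "").split())    # value only: no tags, no whitespace
            der = base64.b64decode(b64, validate=True)  # raises on stray characters
            certs.append({"base64": b64,
                          "sha1": hashlib.sha1(der).hexdigest().upper(),
                          "sha256": hashlib.sha256(der).hexdigest().upper()})
    sso = idp.find("md:SingleSignOnService", NS)
    return (sso.get("Location") if sso is not None else None), certs


if __name__ == "__main__":
    login_url, certs = idp_signing_certs(SAMPLE_METADATA)
    print("login URL:", login_url)
    for c in certs:
        print("SHA-1:", c["sha1"], "\nvalue to paste:", c["base64"])
```

If more than one signing certificate is listed, for example during a certificate rollover, confirm which one is active in Azure before pasting it into HandsHQ.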

Add users to Azure

  1. Now return to Azure, go to Enterprise applications, and select Assign users and groups

  2. Click Add user/group ⇒ None selected ⇒ Select the users you want to add to HandsHQ ⇒ Select ⇒ Assign

You’re all set. Users can now log into HandsHQ using Single Sign-on.

💡 Please note, you will also need to give users permission to access divisions in HandsHQ. You can do so either through HandsHQ Settings ⇒ Users or via the email you’ll receive.

