Single Sign-on
HULFT Square supports single sign-on (SSO) that uses Microsoft ADFS (Active Directory Federation Service) or Microsoft Entra ID (formerly Azure Active Directory).
To configure SSO on HULFT Square, select 
> USER MANAGEMENT > Single Sign-On in the navigation menu.
This section explains the key points for configuration of SSO.
-
In order to configure SSO, the SSOFullAccess policy, which contains the ViewSSO and EditSSO permissions, needs to be assigned.
-
Users with SSO enabled can't log in by password or multifactor authentication (MFA).
When users with SSO enabled log in to HULFT Square using SSO, the following functions are disabled:
-
Multifactor authentication
-
Invitation of users
-
Password change
-
Password policy
-
-
As a precaution in case the SSO function becomes unusable, SSO isn't enabled for users who have the EditSSO permission. They must always log in with a password.
It's strongly recommended that they ensure security by taking measures such as also using multifactor authentication.
Tutorials
In order to be able to log in with SSO, first configure ADFS or Microsoft Entra ID in your environment, and then configure SSO in HULFT Square.
For details about how to configure ADFS in your environment, refer to the following tutorial:
For details about how to configure Microsoft Entra ID in your environment, refer to the following tutorial:
For details about how to configure SSO on HULFT Square, refer to the following tutorial:
Points for settings
Single sign-on is configured by a HULFT Square administrator.
To configure single sign-on on HULFT Square, set the pre-defined policy SSOFullAccess on the group to which the administrator belongs. Single Sign-On is displayed under in the navigation menu.
If this is your first time using SSO, it's recommended to apply SSO to a specific group of users first to confirm the usability before applying it to all users.
For the names and functions of basic UI elements and other items of HULFT Square, refer to the following topic:
In the navigation menu, select > USER MANAGEMENT > Single Sign-On to open this page.
You can configure the groups that can log in with SSO and register the ADFS or Microsoft Entra ID configured in your environment to HULFT Square.
- (1) Status
-
The status (on or off) of single sign-on is displayed.
- (2) Group
-
The groups with single sign-on enabled are displayed.
- (3) IdP
-
The service that is used for single sign-on (ADFS or Microsoft Entra ID) is displayed.
- (4) Email Domain
-
The domain of the email that is used for single sign-on is displayed.
- (5) Federation Metadata URL
-
The URL of the federation metadata is displayed.
For details about the federation metadata URL, refer to (5) Federation Metadata URL in Edit screen for Single Sign-On.
- (6) Edit
-
You can change the settings for single sign-on.
For details about the screen displayed after selecting Edit, refer to Edit screen for Single Sign-On.
Edit screen for Single Sign-On
- (1) Status
-
Set single sign-on to on or off.
- Off
-
Single sign-on is disabled.
- On - Specific Group
-
Single sign-on is enabled for the users that belong to a specific group.
- On - All Groups
-
Single sign-on is enabled for all users that belong to all groups.
- (2) Group
-
This field is displayed when you specify On - Specific Group for Status.
Specify the group for which you want to enable single sign-on.
Single sign-on will be applied as the method of authentication for all the users that belong to the group you specify here.
You can add users to this group the same way you did prior to application of SSO–either by selecting Invite user from
> USER MANAGEMENT > Users, or by adding group members from > USER MANAGEMENT > Groups. - (3) IdP
-
Select the service that is used for single sign-on (ADFS or Microsoft Entra ID).
- (4) Email Domain
-
Set the domain of the email that is used for single sign-on.
- (5) Federation Metadata URL
-
To register the ADFS or Microsoft Entra ID configured in your environment to HULFT Square, specify the federation metadata URL.
The federation metadata URL is as follows:
https://<adfs-server-url>/FederationMetadata/2007-06/FederationMetadata.xml
For <adfs-server-url>, specify the URL for ADFS or Microsoft Entra ID that is set in your environment.