Who is this article for?

IT administrators and tenant administrators configuring SSO (SAML) for Ideagen Hub.

Covers: Okta · Microsoft Entra · PingID · Google Workspace

Pre-requisites – obtaining your Hub SAML values

Before configuring your identity provider, complete the following steps inside Ideagen Hub to obtain the values required for your SSO setup.

Step 1 – Access the Admin Console

Log in to Hub. Click your profile avatar in the top-right corner and select Admin Console.

Step 2 – Open External IDP Configuration

Inside the Admin Console:

1. Click the Security Centre icon in the left sidebar.
2. Expand the Authentication section.
3. Click Configure > next to External IDP Configuration.

Step 3 – Add an Identity Provider

Click + Add identity provider.

Step 4 – Select SAML

When prompted to choose an IDP configuration type, select SAML and click Next.

Step 5 – Note your Hub SAML values

Hub will display the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) specific to your organisation. Keep this screen open — you will need to copy these values into your identity provider's configuration.

You may also download the signing certificate and encryption certificate from this screen if required by your IdP.

Okta

Step 1 – Set up the new SAML application

1. Log in to your Okta Admin Console and navigate to Applications > Applications > Create App Integration > SAML 2.0.
2. Enter the App Name as Ideagen Hub and add a logo if required.
3. Click Next.

4. Navigate to the Configure SAML tab of the application.
5. Enter the following values from Hub into the corresponding Okta fields:

Click Next to generate the new app.

Step 2 – Attribute mapping

1. Once the new app has been generated, select the Sign On tab and scroll to Attribute Statements.
2. Next to Profile attribute statements, click Edit to create two new attributes:

Step 3 – Get Okta's Metadata URL (new setup only)

1. After saving the SAML configuration, navigate to the application's Sign On tab.
2. Under Metadata details, locate the Metadata URL and click Copy.

Step 4 – Back in Hub (new setup only)

1. Return to the Hub SAML Configuration screen.
2. Under Metadata document source, select Enter metadata document endpoint URL and paste Okta's Metadata URL into the field.
3. Under Map attributes, add the following mapping and click Apply Configuration:

Microsoft Entra (Azure AD)

Step 1 – In Microsoft Entra

1. Log in to the Microsoft Entra admin centre and create a new Enterprise Application with SAML-based sign-on, or open an existing one.
2. Navigate to Single sign-on and select SAML.
3. In the Basic SAML Configuration section, enter the following values from Hub:

Step 2 – User attributes & Claims

Add two new claims within this section:

Step 3 – Download Federation Metadata XML (new setup only)

1. Scroll to the SAML Certificates section.
2. Click Download next to Federation Metadata XML and save the file.

Step 4 – Back in Hub (new setup only)

1. Return to the Hub SAML Configuration screen.
2. Under Metadata document source, select Upload metadata document and upload the XML file downloaded in Step 3.
3. Under Map attributes, add the following mapping and click Apply Configuration:

PingID

Step 1 – In PingID

1. Log in to your PingID Admin Console and create a new application.
2. From the SAML Configuration tab, select Manually Enter and enter the following values:

3. From the Attribute Mappings tab, select the pencil icon in the top right-hand corner.
4. Select + Add and enter two new mappings:

Step 2 – Download SAML Metadata XML (new setup only)

Within PingID, navigate to the Configuration tab of the application and click Download Metadata.

Step 3 – Back in Hub (new setup only)

1. Return to the Hub SAML Configuration screen.
2. Under Metadata document source, select Upload metadata document and upload the XML file downloaded in Step 2.
3. Under Map attributes, add the following mapping and click Apply Configuration:

Google Workspace

Step 1 – In Google Workspace Admin Console

1. Log in to the Google Workspace Admin Console and navigate to Apps > Web and mobile apps.
2. Add a new custom SAML application.
3. In the Service provider details step, enter the following values from Hub:

4. Under SAML attribute mapping, enter the following:

Step 2 – In Hub – Enter Provider Name (new setup only)

1. Return to the Hub SAML Configuration screen.
2. Enter a Provider name for this identity provider.

Step 3 – Download Google Metadata XML (new setup only)

Back in the Google Workspace Admin Console, click Download Metadata to download the metadata XML file for this SAML app.

Step 4 – Back in Hub (new setup only)

1. Under Metadata document source, select Upload metadata document and upload the XML file downloaded in Step 3.
2. Under Map attributes, add the following mapping and click Apply Configuration:

Key resources

• FAQs: Ideagen Hub and Ideagen EHS Core
• Get Ready for Your New Command Centre for Ideagen EHS Core (SSO login)
• Notifying your team about the Ideagen Hub and EHS Core migration (SSO login)
• Getting Started: One hub, endless possibilities
• Ideagen Hub user guide
• Ideagen Hub administration guide
• Ideagen Hub release notes