Share SSO SAML with External Website

DinoBo · ‎Jan 26, 2023

I am in the process of setting up a custom identity provider using KeyCloak. The goal is to use this as the IDP for HubSpot SSO, as well as the IDP for another external site.

We want to allow users to SSO into HubSpot using our custom IDP, and then potentially visit an external website which shares the same custom IDP (through a link in the HubSpot page) without having to sign in again when reaching the the external website.

Does anyone have experience/advice with this integration?

DinoBo · ‎Feb 9, 2023

Regarding this - I have been able to do some research on my own and uncovered a few things. What I have found is that the above flow is indeed possible. Usually, an IDP can be configured to store a session cookie on the user's device. This can be utilised as an authentication mechanism, removing the need to sign in again when authenticating from another trusted and IDP-linked service provider.

I hope this can help someone implementing something similar in the future - please don't hesitate to ask questions as comments for more insight.

View solution in original post

DinoBo · ‎Feb 9, 2023

Regarding this - I have been able to do some research on my own and uncovered a few things. What I have found is that the above flow is indeed possible. Usually, an IDP can be configured to store a session cookie on the user's device. This can be utilised as an authentication mechanism, removing the need to sign in again when authenticating from another trusted and IDP-linked service provider.

I hope this can help someone implementing something similar in the future - please don't hesitate to ask questions as comments for more insight.

Jaycee_Lewis · ‎Jan 26, 2023

Hi, @DinoBo 👋 This is a tough topic to find much info on. We can see if @JErasmus4 and @vPhilipp can share any tips or experience getting this set up with HubSpot.

Best,

Jaycee

Jaycee Lewis

Developer Community Manager

Community | HubSpot

APIs & Integrations