Single Sign on Hubspot

Kapil
Participant

We need to apply Single Sign-on on HubSpot. Can you light us on what would be the possible solution to implement Single Sign-On? We tried with creating a custom side panel and sending a single sign-in request to our web application but it doesn't work as third-party cookies issue.

Please suggest, what would be the best way to implement Single Sign-on with our web application.

0 Upvotes
7 Replies 7
3PETE
HubSpot Employee

@Subhash At the moment we do not offer the ability to have SSO. Google Login is the only authenticated login beyond a HubSpot Username/password.

0 Upvotes
Not applicable

hello pmanca,

do you know if/when SSO will be available to log users in without credentials? it would seem that with the vast features of the HS api this wouldn't be too difficult to implement.

any help is appreciated, thank you

carmen

0 Upvotes
Kapil
Participant

Thanks for quick reply. Let me explain the complete workflow we are trying to implement to do SSO for HubSpot users into our application.

We have created an app in HubSpot and Once user provides access to our app they are redirected back to our application. We then validate the access tokens from Hubspot and if the same user(with the same email) exists in our application we auto log them in. Please let me know if you see any possible security-related issues in this workflow.

Thanks a lot

0 Upvotes
3PETE
HubSpot Employee

@Subhash Where are you auto-logging them into? What is your desired end goal for this? Is this just a security evaluation?

0 Upvotes
Kapil
Participant

We are trying to auto login the users who uses both Hubspot and our application in a secure way. So when a user login into Hubspot and grant access to our application we build in hubspot we want users to be auto logged into our application. Think of it as a Facebook or Google login in any third party application, only for users with same email address in hubspot and our application. Let me know if it makes sense?

Thanks a lot

0 Upvotes
Kapil
Participant

Let me explain the whole usecase:

The user installs and authorizes the application we created for Hubspot.
After installation user is redirected to call back URL of our application.
Our application verifies if the authorization token is valid from HubSpot. If token is valid and the same User exists in our database we will Login the user to our application.

As per my understanding this is a secure way of doing the Auto login into our application, Since the Token we get from hubspot is only valid for one time use and we only allow users who already exists in our application to login.

I will appreciate If you could confirm that this method is secure. Let me know if you have any questions.

Thanks,
Gagan

0 Upvotes
3PETE
HubSpot Employee

@Subhash This sounds like you are referring to Single Sign on for your app and not HubSpot. Whether this is secure will be up to you and your team for your app and not up to HubSpot.

0 Upvotes