HubSpot Ideas

Chad

SAML authentication

Please add support for SAML authentication. Currently your account security seems to be subpar compared to the rest of the industry. From what I can tell there's no two-factor support, no ability to set minimum password requirements nor support to just force the use of Google login. With SAML support we can manage our entire login security stack (user account verification, two-factor decision, password requirements). With HubSpot containing high sensative information I can't believe this hasn't come up before.

 

At the very least just let us force users to have to use Google to login, then we can mandate some requirements through that.

HubSpot Updates
June 07, 2021 02:57 PM

@Beefy80a we're definitely interested in making SSO available to more of our users. You're absolutely correct that it is not just a concern for larger enterprises, & we want to make options for using it easier to access & improve our SSO system as a whole. I don't have concrete news to share there just yet, but when I do I'll be sure to update this thread!

April 04, 2019 02:29 PM

Hey @ssoadmin I haven't been able to reproduce this on my side just yet. If you're working with our support team, providing them with a Safari version number & that web archive would be helpful. I think I'm on the latest Safari version myself, but I did run into some trouble with a beta branch of Safari a while back because it was defaulting to not allowing third-party cookies to be set in my browser, which made logging into some tools fail.

February 21, 2019 07:10 AM

@ssoadmin great to hear! Glad you're getting value out of the new features.

February 19, 2019 11:40 AM

Hey all,

 

Wanted to drop into this thread to announce some good news you may have already seen in your HubSpot accounts: we've officially got the require SSO functionality delivered to all Enterprise HubSpot accounts, as well as officially supporting SSO for login on our mobile apps. If you want to know more about the functionality & how it works, check out this post on our product blog!

January 04, 2019 07:59 AM

Hey @ssoadmin, that's actually the beta I mentioned above for requiring SSO. It does indeed require it for login.

 

The caveat there is that the mobile app is currently working to add SSO login support, so if you have mobile users who need to access the app after you require SSO, you can add them to the excluded users list (by clicking the link under the require SSO checkbox.) That'll allow them to bypass the requirement & log in with HubSpot credentials; we built this feature with contractors or partners who don't have credentials on your SSO provider in mind. Our mobile team is working quickly to get the SSO login flow into the mobile app, so that necessity will be temporary.

 

cc @vishnu

November 08, 2018 06:30 AM

That's a fair point--we definitely want to allow folks to force SSO as quickly as we can. We currently have that feature in a limited beta. If anyone in this thread is interested in learning more about that beta, please reach out to me via private message & I'm happy to chat more about it & get more accounts involved!

Re: SAML authentication - changed to: Delivered
October 15, 2018 08:50 AM

Just wanted to drop by and formally mark this one delivered! We're hard at work making improvements to SAML support (like the ability to force all logins to your account to happen via single sign-on), but it's available now to all Enterprise customers in HubSpot.

September 14, 2018 07:12 AM

@tspringer there aren't imminent plans to bring this to the Professional level at this point. Currently it's a cross-hub feature, meaning that if you have one Enterprise product, you'll get access, no matter which of our tools you're using (Sales Enterprise, Service Enterprise, or Marketing Enterprise.)

Re: SAML authentication - changed to: In Beta
September 12, 2018 03:41 PM

Hey everyone! Me again. Got some good news, which you might've seen at Inbound, or on our Product Updates: SAML 2.0 is available in HubSpot Enterprise! We're still refining the functionality, but currently, that means that all Enterprise customers can enable single sign-on as an additional login method available for the HubSpot account. There are additional features coming down the pipe very quickly, but we're glad to be able to offer the ability to support SSO for login right now.

 

If you already have a HubSpot Enterprise account, you should see the option to set up SSO in your Account Defaults settings menu. As long as your IDP supports creating a SAML 2.0 app with HTTP POST bindings, your SSO should easily integrate with HubSpot. Detailed setup guides will be coming for more providers soon, but right now we offer steps for both Okta & OneLogin. Hope you're as excited to see this functionality in HubSpot as we are!

Re: SAML authentication - changed to: In Planning
August 10, 2018 03:05 PM

Hey everyone, just wanted to swing back through to say we're officially doing the planning for SAML 2.0 with HubSpot now. This thread will be updated as soon as we've got more info to share. Thanks for your feedback, & for pushing us to build the best possible product!

May 29, 2018 12:06 PM

Hey folks! I work with the product team responsible for our login and account security efforts, so I wanted to jump into this thread and let you know that this is definitely a request that is on our radar. We get the request for SAML and more full-featured SSO support often enough that we recognize it's a big draw for our customers, especially those juggling multiple software solutions where those features are already in use in other parts of the organization. It's definitely something we'd like to solve for you.

 

Since this thread was created, we have added support for two-factor authentication via SMS and Google Authenticator on a per-user basis. If you haven't already activated that feature on your HubSpot account, it's worth doing; SAML is a diffent project, but one we'd like to tackle.

35 Replies
LaurenSporck
Participant

Agree very surprised to see this wasn't supported yet

bshields
Member

 Yes surprising this is not supported - it's really a standard feature on enterprise SAS providers. Just being able to enforce Google login would be a 90% solution for me, but SAML would be great.

tb1
Member

Would really like to see support for this.

tspringer
Participant

Agreed - we NEED this. Pretty basic feature for any SaSS solution these days...

rad
HubSpot Product Team
HubSpot Product Team

Hey folks! I work with the product team responsible for our login and account security efforts, so I wanted to jump into this thread and let you know that this is definitely a request that is on our radar. We get the request for SAML and more full-featured SSO support often enough that we recognize it's a big draw for our customers, especially those juggling multiple software solutions where those features are already in use in other parts of the organization. It's definitely something we'd like to solve for you.

 

Since this thread was created, we have added support for two-factor authentication via SMS and Google Authenticator on a per-user basis. If you haven't already activated that feature on your HubSpot account, it's worth doing; SAML is a diffent project, but one we'd like to tackle.

doughelm
Member

 Rad - any update on the roadmap for SAML?

BrettHill
Participant

This continues to be an issue for our long term relationship with HubSpot.  Every year when we are up for renewal this is one of the functions HubSpot is lacking which triggers re-evaluation. 

tb1
Member

This is key for security and access controls at our company - can we please priotize this feature for the HS dev team? Thanks!

rad
HubSpot Product Team
HubSpot Product Team

Hey everyone, just wanted to swing back through to say we're officially doing the planning for SAML 2.0 with HubSpot now. This thread will be updated as soon as we've got more info to share. Thanks for your feedback, & for pushing us to build the best possible product!

tb1
Member

This is great news! If possible documentation for Salesforce Identity would be appreciated.

rad
HubSpot Product Team
HubSpot Product Team

Hey everyone! Me again. Got some good news, which you might've seen at Inbound, or on our Product Updates: SAML 2.0 is available in HubSpot Enterprise! We're still refining the functionality, but currently, that means that all Enterprise customers can enable single sign-on as an additional login method available for the HubSpot account. There are additional features coming down the pipe very quickly, but we're glad to be able to offer the ability to support SSO for login right now.

 

If you already have a HubSpot Enterprise account, you should see the option to set up SSO in your Account Defaults settings menu. As long as your IDP supports creating a SAML 2.0 app with HTTP POST bindings, your SSO should easily integrate with HubSpot. Detailed setup guides will be coming for more providers soon, but right now we offer steps for both Okta & OneLogin. Hope you're as excited to see this functionality in HubSpot as we are!

tspringer
Participant

Will this eventually be available to Professional subscriptions as well?

rad
HubSpot Product Team
HubSpot Product Team

@tspringer there aren't imminent plans to bring this to the Professional level at this point. Currently it's a cross-hub feature, meaning that if you have one Enterprise product, you'll get access, no matter which of our tools you're using (Sales Enterprise, Service Enterprise, or Marketing Enterprise.)

rad
HubSpot Product Team
HubSpot Product Team

Just wanted to drop by and formally mark this one delivered! We're hard at work making improvements to SAML support (like the ability to force all logins to your account to happen via single sign-on), but it's available now to all Enterprise customers in HubSpot.

Chad
Member

Hi Rad,

I'm unsure that this is actually delivered. I believe part of the original request was to not only add support for additional authentication systems but to force users to actually have to use them.

 

"You cannot require single sign-on be enabled for all logins to your hub. All users are able to log in either with their SSO credentials, or with their HubSpot credentials." per your set up page.

 

If users aren't required to authenticate using more secure means, they won't. They'll set a simple, easily guessable passwords and use that instead to login.

 

Maybe I'm missing it, but would you be able to at least point me to the spot we can set minimum password requirements on accounts?

rad
HubSpot Product Team
HubSpot Product Team

That's a fair point--we definitely want to allow folks to force SSO as quickly as we can. We currently have that feature in a limited beta. If anyone in this thread is interested in learning more about that beta, please reach out to me via private message & I'm happy to chat more about it & get more accounts involved!

ssoadmin
Member

Has the forced SSO been resolved?  I see this in the admin panel:

 

Screen Shot 2019-01-03 at 8.48.42 PM.png

 

Or does it say require while not actually requiring?

 

I'm attempting a new enterprise deployment and just got SSO working, but I'd hate to find it is not actually going to force the use of SSO.  Additionally, can't find how to get SSO working on mobile app; I assume the lack of mention on the mobile app login screen means it's missing, which would be hugely disappointing since what enterprise has no mobile users...  it defeats the whole effort of attempting to force security best practices. 

rad
HubSpot Product Team
HubSpot Product Team

Hey @ssoadmin, that's actually the beta I mentioned above for requiring SSO. It does indeed require it for login.

 

The caveat there is that the mobile app is currently working to add SSO login support, so if you have mobile users who need to access the app after you require SSO, you can add them to the excluded users list (by clicking the link under the require SSO checkbox.) That'll allow them to bypass the requirement & log in with HubSpot credentials; we built this feature with contractors or partners who don't have credentials on your SSO provider in mind. Our mobile team is working quickly to get the SSO login flow into the mobile app, so that necessity will be temporary.

 

cc @vishnu

rad
HubSpot Product Team
HubSpot Product Team

Hey all,

 

Wanted to drop into this thread to announce some good news you may have already seen in your HubSpot accounts: we've officially got the require SSO functionality delivered to all Enterprise HubSpot accounts, as well as officially supporting SSO for login on our mobile apps. If you want to know more about the functionality & how it works, check out this post on our product blog!

ssoadmin
Member

Working fantastic; just tested logging into my account on iOS mobile app with Duo-based SAML + required MFA!!