Login to SAML/OIDC-Enabled Applications Using MFA
This use case provides a step-by-step guide for configuring Single Sign-On (SSO) for web-based applications that support the SAML or OIDC protocol in Service Provider (SP) mode (the application is the SP, or Relying Party in OIDC terms). The customer's Hideez Identity Cloud tenant functions as the Identity Provider (IdP). Users authenticate with their login and password as the first factor and confirm the second factor (MFA) in the Hideez Authenticator app.
Scenario Overview
A user opens the URL of a web-based application and is redirected to the customer’s Hideez Identity Cloud tenant for authentication. After entering their login credentials, the user opens the Hideez Authenticator app on their mobile device (Android or iOS), completes the second factor of authentication, and successfully logs in to the application.
Implementation Steps:
1. Register a Hideez tenant. If you don't already have a Hideez tenant, register one. Detailed instructions for tenant registration can be found [here].
2. Configure the SAML or OIDC application. A tenant administrator must configure the web-based application for SSO using either the SAML or OIDC protocol. Configuration instructions are available [here].
3. Create a Hideez user. If the user does not yet exist in your Hideez Identity Cloud tenant, create one. Instructions for user creation are available [here].
4. Install Hideez Authenticator on the user's mobile phone. The app must be installed before the activation link in the next step is used. Installation and configuration details are available [here].
5. Enroll the user in Hideez Authenticator. Once the user is created in the Hideez tenant, an SSO activation email is sent to their personal email address. The user opens the link in the email and registers the Hideez Authenticator app as their authentication method. Configuration guides are available for [Android] and [iOS].
6. Test login to the application with MFA. Verify that the user can log in to the application with MFA, using the Hideez Authenticator app for the second factor:
Enter the address of the web service or application you wish to access.
You will be redirected to the Hideez Identity Cloud.
Enter your email address, your password, and the OTP code shown in the Hideez Authenticator app you registered when you selected your authentication method.
Click Verify.
You will then be redirected back to the web service you originally requested.
Authentication is complete.