Single Sign-On (SAML SSO) is only available for customers on Hotjar Scale Plans.
Single Sign-On (SAML SSO) will be available for customers on Hotjar Scale Plans. Currently, the Hotjar Scale Plan is not available for purchase, but customers on Business 389+ Plans can now enable single sign-on.
Single Sign-On (SSO) is an identification system that authenticates your identity for multiple applications and services at once. Security Assertion Markup Language (SAML) is most frequently the underlying protocol that makes web-based single sign-on possible.
SAML Single Sign-On lets you access Hotjar through a SAML-based Identity Provider, so you can use one set of user identity information to log into many different websites and applications securely without confirming your identity with every service you use.
- How SAML SSO works
- The Benefits of using SAML SSO
- How to request SAML SSO Connection
- How to manage your SAML SSO Connection
- How to access a SAML SSO enabled Organization
How SAML SSO works
SAML provides a way to authenticate users to third-party web apps, like Hotjar, by redirecting your browser to a company login page. After successful authentication on that login page, it redirects you back to the third-party web application where you are granted access.
Below are a few key terms that are involved in a typical SAML SSO authentication process:
- Principal/user (aka a Hotjar customer) - The person who is accessing the web applications.
- Identity Provider (IdP) - An identity provider (IdP) is a cloud software service that stores and confirms the user's identity, typically through a login process.
- Service Provider (SP) - This is the cloud-hosted application or service the user wants to use. These are platforms like Gmail, Slack, Salesforce, and Hotjar.
When single sign-on is used, you log into your Identity Provider rather than the Service Provider directly, and SAML grants access in place of a direct login.
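The redirect step described above, as an added example (not Hotjar's code): a Service Provider wraps an AuthnRequest in the SAML HTTP-Redirect binding, and the Identity Provider decodes it and answers only a registered SP at its registered Assertion Consumer Service (ACS) URL. The `sp.example` and `idp.example` URLs, the request IDs and all function names are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholder values; not Hotjar's or any real IdP's endpoints.
SP_ENTITY_ID = "https://sp.example/saml/metadata"
SP_ACS_URL = "https://sp.example/saml/acs"
IDP_SSO_URL = "https://idp.example/sso"
# What the IdP has on file for each SP it trusts (entity ID -> ACS URL).
REGISTERED_SPS = {SP_ENTITY_ID: SP_ACS_URL}


def build_redirect(request_id, issue_instant, acs_url=SP_ACS_URL):
    """SP side: wrap an AuthnRequest in the SAML HTTP-Redirect binding."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}" ID="{request_id}" Version="2.0" '
           f'IssueInstant="{issue_instant}" Destination="{IDP_SSO_URL}" '
           f'AssertionConsumerServiceURL="{acs_url}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    # Binding order: raw DEFLATE (no zlib header), base64, then URL-encode.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return f"{IDP_SSO_URL}?{query}"


def read_redirect(url):
    """IdP side: decode the request the browser carried over.
    A production IdP would use a hardened XML parser for untrusted input."""
    param = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    root = ET.fromstring(zlib.decompress(base64.b64decode(param), -15))
    return {"id": root.get("ID"),
            "issuer": root.findtext("saml:Issuer", namespaces=NS),
            "acs": root.get("AssertionConsumerServiceURL")}


def idp_accepts(url, registered=REGISTERED_SPS):
    """The request is encoded, not authenticated: only answer a known SP,
    and only at the ACS URL registered for it."""
    req = read_redirect(url)
    expected = registered.get(req["issuer"])
    return expected is not None and expected == req["acs"]
```

The SAMLRequest parameter is compressed and encoded, not encrypted or signed here, which is why the IdP-side check relies on what it has registered for the SP and not on what the request claims.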
The Benefits of using SAML SSO
- Reduced security risks - SAML SSO is used to provide a single point of authentication at a secure identity provider and then assert the identity to others. Having fewer applications where your identities are stored means there are fewer places for them to be breached or stolen.
- Experience - SAML SSO allows users to securely access multiple applications with a single set of credentials entered once so that you can conduct business faster and more efficiently.
- Username and Password Management - SAML SSO simplifies username and password management by allowing you to securely access multiple applications with a single set of credentials. It also helps you manage any type of personnel changes such as a team member leaving the organization.
How to Request SAML SSO Connection
Account Owner Access Required
Only the Account Owner can access the Single sign-on section of the account to request an SSO connection. To find out who your Account Owner is, head to your Team List.
From your Settings page, select "Single-sign on"
Click "Request SSO Connection"
SAML SSO is enabled by Hotjar Support
At this time, SAML SSO is enabled by Hotjar support and will take 1-2 business days from when your "Request to Connect SSO" is received. You'll be notified when single sign-on has been enabled on your Organization.
How to Manage your SAML SSO Connection
When SAML SSO has been enabled on your Organization, the Account Owner will be able to view the Organization directly from their dashboard. In the SAML SSO Section of your Hotjar Dashboard, you’ll see details about your SAML SSO connection including the Login ID. As a heads up, only the Account Owner will have access to this section of the dashboard.
For additional help, or to make changes to your single sign-on settings, reach out to support.
How to Access a SAML SSO enabled Organization
SAML SSO is enabled at the Organization level. All Team members who were already listed on the Organization will automatically receive an invite to use Hotjar with their SSO logins instead of their username and password.
From the invite, click Sign Up with SSO
Fill in your details and Sign up with SAML SSO
You'll no longer be able to access the SAML SSO Organization with your username and password
You’ll no longer be able to access the Organization where SAML SSO is enabled with your username and password, with the exception of the Account Owner and Hotjar Support (if required). Team members who are part of multiple Organizations will still be able to use their email and password to log in to other Organizations where SAML SSO is not enabled.
After you have created your account, the next time you access Hotjar, you’ll need to choose the ‘Sign in with SAML SSO’ option and use your company's Login ID to access the SAML SSO enabled Organization.
Single Sign-On (SAML SSO) FAQs
- How do I change ownership of my account when I have a Single Sign-On (SAML SSO) enabled on my Organization?
- How do I transfer my Single Sign-On (SAML SSO) enabled Organization to a listed admin on the Organization?
How do I change ownership of my account when I have a Single Sign-on (SAML SSO) enabled on my Organization?
Account Ownership cannot be transferred to a listed team member on a Single Sign-On (SAML SSO) enabled Organization. You can change Account Ownership by first inviting the new Account Owner to a non-SSO enabled Organization on your account and then following the steps to change Account Ownership.
The current Account Owner will lose access
Changing Account Owners will remove the current Account Owner from the Single Sign-On (SAML SSO) enabled Organization.
If you only have one Organization on your account and SAML SSO is enabled, you'll first need to create a new Organization before changing Account Owner.
Create a new Organization on the Account.
Invite the new Account Owner to the new Organization
Once the team member is a user on the non-SSO enabled Organization, you can change Account Ownership to them.
How do I transfer my Single Sign-On (SAML SSO) enabled Organization to a listed admin on the Organization?
It is not possible to transfer a SAML SSO enabled Organization to a new account. To transfer an Organization, single sign-on will first need to be disabled. Please reach out to support for help.