This guide will walk you through setting up SAML Single Sign-On (SSO) for the HouseCanary Solutions platform, allowing your users to log in using their existing credentials from your Identity Provider (IdP).
Please note: only Teams and Enterprise clients have access to this feature.
Prerequisites
Administrator Access - you need administrator privileges for both your HouseCanary account ("Org Admin") and your IdP to configure SSO.
SAML 2.0 Compatible IdP - your organization must use an IdP that supports the SAML 2.0 protocol. Popular options include Okta, Azure AD, Google Workspace, OneLogin, and Ping Identity.
Understanding of SAML Concepts - familiarity with terms like Entity ID, SSO URL, Certificate, and Metadata will be helpful.
Steps to Configure SAML SSO for your HouseCanary account
Log in to the HouseCanary Solutions Platform. Ensure your account has Org Admin privileges.
Navigate to the SSO configuration page.
Gather the following information from your IdP:
Domain - the domain should match the email address domain of your users. Example: for user email "[email protected]" the domain is "company1.com" (without quotes).
Certificate (X.509 Certificate) - this is the public certificate used to verify the signature of SAML assertions from your IdP. Download it in `.pem` or `.cer` format.
Metadata - an XML metadata file containing all the necessary information to configure SAML.
On the SSO configuration page, enter the information retrieved above.
In the “Domain” field, enter in the domain information.
In the “Certificate” field, copy and paste the certification information that you downloaded.
In the “Auth Metadata” field, copy and paste the XML file that contains the metadata required.
If desired, click the “Mandatory” toggle to force users in your organization to use SSO to sign on. If this is not enabled, users can login with both usernames / passwords and SSO (which may not be desired).
Click “Save”.
Upon clicking save, the “Org Slug” for your organization and the specific login link for your organization will be visible, encased in a yellow box. These can both be used for your users to sign in.
After this information has been input, HouseCanary will be notified that you have done initial configuration for SSO. After review of your domain, HouseCanary will send you a message via e-mail or in-app message letting you know that SSO is active for your account and that you can proceed to the next step.
Configure HouseCanary in your IdP
Add a new application in your IdP's admin console. Documentation for common IdP providers are provided below for reference only:
Select "SAML 2.0" as the application type.
Enter the Assertion Consumer Service (ACS) URL - enter the value from the “Login Link” within the HouseCanary platform.
Configure Attribute Mapping - map the user attributes from your IdP to the corresponding attributes for each HouseCanary user. You’ll need to map the user’s e-mail address, first name, and last name.
Test the SSO Connection
Once you've saved the configuration in both HouseCanary and your IdP and HouseCanary has informed you that SSO is active, test the connection by using the "Login Link" provided on the HouseCanary SSO configuration page.
You should be redirected to your IdP's login page.
After successfully authenticating, you should be redirected back to HouseCanary and logged in.
Please note that all users added via SAML are given “User” roles in HouseCanary. If you would like them to have an “Org Admin” role, please adjust their role directly in the HouseCanary platform by visiting the Manage Users page.