HowlOps
FeaturesHow it worksPricingIntegrationsDocsChangelogContact
Log inStart free
DOCS

Configure SSO (SAML)

Set up SAML single sign-on for your workspace to enable centralized identity management.

Premium
Enterprise

SAML SSO is available on Premium and Enterprise tiers.

Prerequisites

  • You must hold the Owner or Admin role.
  • Your identity provider (IdP) must support SAML 2.0 (Okta, Microsoft Entra ID / Azure AD, Google Workspace, and others).
  • Users signing in via SSO must have email addresses in the allowed domain.

Steps

1. Open SSO settings in HOWLOPS

  1. Go to Settings > Security > Single sign-on.
  2. Click Configure SSO.

Copy the following values — you will need them at your IdP:

ValueWhere to find it
ACS URLShown in the SSO settings panel
Entity ID (SP)Shown in the SSO settings panel

2. Create the application at your IdP

Create a new SAML application in your IdP and use the values above. Exact steps vary by provider:

  • Okta: Applications > Create App Integration > SAML 2.0 > paste ACS URL and Entity ID.
  • Entra ID / Azure AD: Enterprise applications > New application > Create your own > Non-gallery > set up SAML.
  • Google Workspace: Admin console > Apps > Web and mobile apps > Add app > Add custom SAML app.

Set the Name ID format to EmailAddress and map the user's email address as the Name ID value.

3. Configure the IdP details in HOWLOPS

After creating the application at your IdP, download or copy:

  • The IdP Metadata XML (preferred), or
  • The IdP SSO URL and X.509 certificate separately.

Back in HOWLOPS Settings > Security > SSO:

  1. Paste the metadata XML or fill in the individual fields.
  2. Enter the allowed email domains (comma-separated), for example example.com.
  3. Optionally enable Just-in-time (JIT) provisioning to automatically create accounts for new SSO users.
  4. Click Save.

4. Test the configuration

  1. Open a private/incognito browser window.
  2. Go to your HOWLOPS login page and click Sign in with SSO.
  3. Enter your email address and follow the IdP authentication flow.
  4. You should be redirected back to HOWLOPS and logged in.

5. Optional: enforce SSO

To require all workspace members to use SSO (preventing password login):

  1. Go to Settings > Security > SSO.
  2. Enable Enforce SSO for all members.

Owners retain an emergency password bypass for breakglass access.

Troubleshooting

See SAML debugging guide for detailed error diagnostics.

See also

Was this page helpful?