If you are on a Scale or Transform membership plan and already use an identity provider or a custom SAML implementation, you can use Single Sign On (SSO) as an authentication method to access Hover.
NOTE: Your organization must be enabled for Single Sign On, and you must have a Hover admin account to see the SSO Configuration screen. Please contact your account manager or the Hover support team ([email protected]) for assistance.
Important notes for SSO use:
Users in an org with Strict SSO enabled cannot be moved to another org or sub-org
When Strict SSO is enabled, you cannot invite users - they must be added through your identity provider
An identity provider (IdP) is a service that stores and manages digital identities
Contact your SSO provider to find out more
Configuration mode allows previously created users to log in with a password (in addition to SSO), but newly created users can only use SSO as their login method
When a new user is created through SSO, they are given the pro+ permission setting, which means they won't have access to any existing jobs until invited
Navigate to SSO Settings
Once you're logged into your Hover account, click your initials in the upper right corner of the screen
Select Settings from the drop-down menu
Click SSO at the bottom of the settings menu
NOTE: If you don't see the SSO tab, please contact your account manager or Hover support to enable your organization for Single Sign On.
Enable SSO for your organization
Follow the 5 steps below.
Step 1 uses Okta as the reference Identity Provider. If you use Azure, you can reference their instructions here.
If you do not use Okta or Azure, please use the configuration documentation your IdP provides.
Step 1: Configure your IdP to connect to Hover
Hover can work with any Identity Provider (IdP) that supports the SAML 2.0 specification. If your IdP doesn't support SAML 2.0, you cannot use SSO on Hover.
Follow Okta’s documentation to set up a new application (to create the Hover app). Then, complete the form in the 'SAML Settings' section of the app.
Use this table as a guide when completing the form:
Step 2: Obtain metadata information from your IdP
After you have configured the Hover app in your identity provider, you must obtain your IdP's public certificate, authentication URL, and issuer URL.
To access this information:
Select the Hover app under the 'Applications' tab in Okta
Then select 'Sign On'
Click View Setup Instructions
Copy the information in the Identity Provider Single Sign-On URL and Identity Provider Issuer fields to be used in the next step
Click Download Certificate
Step 3: Submit your metadata to Hover
With the information you gathered from your IdP, head over to your account on hover.to.
Go to the SSO Configuration page
Click your initials in the upper right corner of the screen
Select Settings from the drop-down menu
Click SSO at the bottom of the settings menu
Click Edit in the ‘SAML’ section
Insert the Identity Provider SSO URL, Identity Provider Issuer URL, and the public certificate information
Click Save
Once you’ve updated the SAML configuration, you can turn on SSO in ‘Configuration Mode’. This mode allows you to test Single Sign On while continuing to enforce username- and password-based login for your users.
Step 4: Claim your domain
In order to enforce Single Sign On for your users, you must claim your domain. This will secure your SSO implementation by preventing any of your users from logging in with their username and password, and will only allow users with your claimed domain in their email address to access Hover.
To claim a domain:
Add a TXT record to your domain’s DNS records with a verification key provided by Hover.
To get the verification key, click on the ‘Add domain’ button in the ‘Claim domains’ section and enter the domain you wish to claim.
Once the TXT record has been added to your domain’s DNS records, click the Verify link next to the domain name. Hover will verify ownership of the domain in the background, and will mark the domain as ‘Verified’ or ‘Failed verification’.
With all these steps completed, you can now use SSO as your login method on the web and mobile apps.
Still have questions? Reach out to our support team.
Call us (+1.844.754.6837). We're real people and ready to help!
Email us ([email protected]). We'll usually reply in about 30 min.
Chat with us. We generally answer in less than 3 mins. Click on the blue chat icon at the bottom right of your screen.