If your organization has SSO enabled, you will notice you have a list of domains in your HackEDU Admin Dashboard:

This means that if someone tries to login to HackEDU using an @acme.com email address, they will automatically be redirected to your SSO provider for authentication instead of getting prompted for a password when logging in.

In this example, we will login as matt@acme.com :

If you are not already logged in to an account on your SSO provider, they will prompt you for your username and password before continuing.

Here is an example using Google as your SSO provider:

You can login as any user in your SSO provider. It is important to note that it does not have to be the same user you entered on the first step.

Case #1: Unexpected User

In this example case, let's say that you logged in as jared@acme.com .

From here, you are authenticated with SSO and you will be redirected back to the HackEDU app. Your user token will authenticate you as jared@acme.com rather than matt@acme.com since that is what you used to authenticate with your SSO provider.

Case #2: Unexpected Domain

Another common unexpected issue that can occur with SSO is that the domain doesn't match what you would expect. For example, your SSO admin may have setup your user directory to use a domain like acmecorp.com . This mapping can typically be changed in your SAML settings, but HackEDU only has access to the email that is passed in the Name ID SAML assertion.

Here is an example of the Name ID mapping in Google's App SAML settings:

Did this answer your question?