If your organization has SSO enabled, you will notice you have a list of domains in your HackEDU Admin Dashboard:
This means that if someone tries to login to HackEDU using an @acme.com email address, they will automatically be redirected to your SSO provider for authentication instead of getting prompted for a password when logging in.
In this example, we will login as
If you are not already logged in to an account on your SSO provider, it will prompt you for your username and password before continuing.
Here is an example using Google as your SSO provider:
You can login as any user with your SSO provider. It is important to note that it does not have to be the same user you entered on the first step.
Case #1: Unexpected User
In this use case, let's say that you logged in as
From here, you are authenticated with SSO and you will be redirected back to the HackEDU app. Your user token will authenticate you as
firstname.lastname@example.org rather than
email@example.com since that is what you used to authenticate with your SSO provider.
Case #2: Unexpected Domain
Another common unexpected issue that can occur with SSO is that the domain doesn't match what you would expect. For example, your SSO admin may have setup your user directory to use a domain like
acmecorp.com . This mapping can typically be changed in your SAML settings, but HackEDU only has access to the email that is passed in the
Name ID SAML assertion.
Here is an example of the Name ID mapping in Google's App SAML settings: