Single Sign-On
Use Hawcx as your identity provider for enterprise single sign-on
Enterprise Feature
SSO is available for enterprise customers. Contact [email protected] to provision SSO for your organization. Self-service configuration is coming soon.
Overview
Hawcx can act as a SAML identity provider (IdP) for your organization, enabling employees to authenticate through Hawcx when accessing your service providers. This replaces password-based login at the SP with Hawcx's device-bound, zero-knowledge authentication.
When SSO is configured, your service provider redirects login requests to Hawcx. Hawcx authenticates the user, then returns a signed assertion back to the SP to establish the session.
Why This Matters
Most organizations already federate their SaaS applications (Slack, Salesforce, GitHub, Jira, Zoom, etc.) through a central directory like Microsoft Entra, Google Workspace, or AWS Cognito. By configuring Hawcx as the identity provider for that directory, every application that federates through it becomes passwordless automatically. You don't need to integrate Hawcx into each application individually. Instead, you federate once at the directory level and every downstream application inherits Hawcx's device-bound authentication.
Supported Protocols
| Protocol | Status |
|---|---|
| SAML 2.0 | Available |
Supported Service Providers
| Service Provider | Guide |
|---|---|
| Microsoft Entra ID (Azure AD) | Setup guide |
What Hawcx Provides
When you contact Hawcx support to enable SSO, you will receive:
| Item | Description |
|---|---|
| Project ID | Your unique organization identifier |
| SAML metadata URL | Endpoint your SP uses to discover Hawcx's IdP configuration |
| SSO endpoint | The URL your SP redirects authentication requests to |
| Signing certificate | X.509 certificate used to verify SAML assertions |
| SCIM endpoint | Base URL for automated user provisioning |
| SCIM bearer token | Authentication token for the SCIM provisioning API |
All endpoints are served from sandbox.hawcx.com.
User Provisioning (SCIM)
Hawcx supports SCIM 2.0 for automated user lifecycle management. When SCIM is enabled, your service provider directory syncs user accounts to Hawcx automatically: new users are provisioned on assignment, profile updates propagate, and deactivated users lose access without manual intervention.
See SCIM Provisioning for the endpoint reference, attributes, and provisioning behavior.
Next Steps
- SAML federation reference — how the SAML model works with Hawcx
- SCIM provisioning reference — endpoints, attributes, and behavior
- Microsoft Entra setup guide — step-by-step SP configuration