SSO and Authentication

SSO and Authentication for Humanloop

Humanloop offers authentication options to ensure secure access to your organization’s resources. This guide covers our Single Sign-On (SSO) capabilities and other authentication methods.

Single Sign-On (SSO)

Single Sign-On allows users to access multiple applications with a single set of credentials. Humanloop supports SSO integration with major identity providers, enhancing security and simplifying user management.

Supported SSO Providers

  • Google Workspace
  • Okta
  • Azure Active Directory
  • OneLogin
  • Custom SAML 2.0 providers

Benefits of SSO

  1. Enhanced security with centralized authentication
  2. Simplified user management
  3. Improved user experience with reduced password fatigue
  4. Streamlined onboarding and offboarding processes

Setting up SSO

To set up SSO for your organization:

  1. Contact our sales team to enable SSO for your account
  2. Choose your identity provider
  3. Configure the connection between Humanloop and your identity provider
  4. Test the SSO integration
  5. Roll out to your users

Multi-Factor Authentication (MFA)

For accounts not using SSO, we strongly recommend enabling Multi-Factor Authentication for an additional layer of security.

MFA Options

  • Time-based One-Time Password (TOTP) apps
  • SMS-based verification
  • Hardware security keys (e.g., YubiKey)

API Authentication

For programmatic access to Humanloop, we use API keys. These should be kept secure and rotated regularly.

Managing API Keys

  • Generate API keys in your account settings
  • Use environment variables to store API keys in your applications
  • Implement key rotation policies for enhanced security

User Provisioning and Deprovisioning

Humanloop supports automated user lifecycle management through our Directory Sync feature. This allows for:

  • Automatic user creation based on directory group membership
  • Real-time updates to user attributes and permissions
  • Immediate deprovisioning when users are removed from directory groups

Best Practices

  1. Use SSO when possible for centralized access control
  2. Enable MFA for all user accounts
  3. Regularly audit user access and permissions
  4. Implement the principle of least privilege
  5. Use secure protocols (HTTPS) for all communications with Humanloop

For more information on setting up SSO or other authentication methods, please contact our support team or refer to our API documentation.

Active Directory Sync

Humanloop supports Active Directory Sync for automated user provisioning and deprovisioning. This feature allows you to:

  • Automatically create and update user accounts based on your Active Directory groups
  • Sync user attributes and roles in real-time
  • Instantly deprovision access when users are removed from AD groups
  • Maintain consistent access control across your organization
  • Reduce manual user management tasks and potential security risks

To set up Active Directory Sync:

  1. Contact our sales team to enable this feature for your account
  2. Configure the connection between Humanloop and your Active Directory
  3. Map your AD groups to Humanloop roles and permissions
  4. Test the sync process with a small group of users
  5. Roll out to your entire organization

For more information on implementing Active Directory Sync, please contact our support team.