Configure SSO with SCIM for system users (Admin SSO)

Note: This page covers SSO with SCIM for system user login. For an overview of all system user login options including Legacy SSO and Internal authentication, see Configure SSO for system user login.

HP Insights supports SCIM-based SSO for system user login to the web console. System user accounts, group membership, and role assignments are managed in your identity provider and synchronized into HP Insights automatically. When you add, update, or remove a user in the identity provider, HP Insights reflects the change without any manual steps.

This is configured under Account Settings >  Settings >  Admin SSO.

Initial System Admin

Before configuring SSO, SCIM, or Group Mapping, HP provisions a dedicated System Admin account for your organization. This account is used to complete the one-time setup of your HP Insights environment.

When your HP Insights environment is ready, the initial System Admin receives an invitation email containing a link to your organization's HP Insights tenant. Following the link redirects to your identity provider for authentication. On successful sign-in, the System Admin gains access to the web console and can begin configuration.

Configuring Admin SSO with SCIM 

After the invited initial internal System Admin signs in to the HP Insights web console, they can proceed to configure SSO with SCIM.

The Admin SSO wizard in HP Insights guides you through the steps required to enable SSO sign-in for system users. To access it, navigate to Account Settings > Settings > Admin SSO.

The wizard tracks the status of each step. Complete the steps in order before enabling SSO sign-in.

Step 1: Set up Authentication Providers

Before enabling Single Sign‑On (SSO), you must configure an authentication provider to connect HP Insights to your organization’s external Identity Provider (IdP). This allows administrators to sign in using their existing corporate credentials instead of locally managed passwords.

Authentication providers are configured in the web console under Account Settings > Settings.

HP Insights supports the following authentication methods: OpenID Connect and SAML

OpenID Connect (OIDC)

Use OpenID Connect to integrate with modern identity providers that support OIDC, such as Microsoft Entra ID. This option provides a standards‑based approach to authentication and token management.

For detailed instructions, see Creating an OpenID Connect Application in Microsoft Entra ID.

SAML 2.0

Use SAML 2.0 to integrate with identity providers that support SAML‑based Single Sign‑On. This option is commonly used in enterprise environments that already have SAML configured.

For configuration steps, refer to Creating Application in Entra ID

Once an authentication provider is configured, administrators can authenticate through the external IdP, which is required before enabling features such as Admin SSO and group‑based access control.

Step 2: Set up Friendly URL

A Friendly URL provides users with a straightforward web address for accessing the HP Insights Web Console via Single Sign-On (SSO). This not only simplifies the login process for users but also makes it easier for administrators to communicate the correct login procedure across the organisation.

  1. Navigate to Account Settings > Settings tab.

  2. Locate the Friendly URL Section. Enter a Custom URL Segment. Type in a unique and easy-to-remember URL segment.

  3. Save the settings to apply the Friendly URL.

  4. Share the new SSO login URL with the system users. They can now use this address to access the Web Console through SSO.

Step 3: Set up User and Group Sync

HP Insights uses SCIM (System for Cross-domain Identity Management) to automatically import users and groups from your identity provider. This ensures the right people are provisioned in HP Insights before SSO is enabled, without manual intervention.

SCIM is required for SSO configuration in HP Insights. While SSO handles how users sign in, SCIM controls which users and groups are available and kept in sync.

HP Insights supports the following identity providers. For instructions on how to set up SCIM, select your identity provider from the list below:

Step 4: Map SCIM-synced groups to HP Insights roles.

In this step, you map SCIM‑synchronized identity provider (IdP) groups to HP Insights administrator roles. Group Mapping links user groups from your external identity provider (IdP), such as Microsoft Entra ID, to administrator roles inHP Insights. This allows administrator access to the web console to be managed automatically through group membership when users sign in with SSO.

At sign-in, HP Insights determines admin permissions based on the user’s IdP group membership and the configured mappings.

Note: Only IT Admin and System Admin roles can view and manage group mappings.

  1. Navigate to the Users > Group Mapping tab.

  2. Click the Create button.

  3. In the Role Mapping Properties panel, choose the group you want to map. Once SCIM is enabled and configured to your IdP (e.g., Entra ID), users and groups are imported from the IdP into HP Insights.

  4. Select the Role you want to assign to this group.

  5. Apply the changes.

For more information, refer to the document.

Step 5: Enable SSO Sign-in for System Users

Once authentication, SCIM sync, and group mappings are configured, you can proceed to enable Single Sign-On (SSO) for System Users in HP Insights.

  1. Go to Account Settings > Settings > Admin SSO.

  2. Toggle the Enable SSO Sign-in for System Users to ON.

This allows administrators to access the web Console using the shared SSO URL.

Note: The Enable SSO Sign-in for System Users option is disabled until Steps 1 through 4 have been successfully configured.

Step 6: Test SSO Sign-In

To verify that Single Sign-On (SSO) is functioning correctly for system users, follow these steps:

  1. Navigate to Account Settings > Settings > Admin SSO.

  2. Copy the Sign-in URL provided on this page and paste it into your web browser. This action will open the SSO Login Page.

  3. When prompted, enter your identity credentials as required by the authentication provider.

  4. After successful authentication, you will be logged into HP Insights.