Configure SSO for system user login
For system users signing in to the HP Insights web console
This page covers SSO for sytem users signing in to the web console. System users are administrators with elevated permissions who sign in to the HP Insights web console to configure and manage the system. F
Overview
System users sign in to the HP Insights web console using one of three authentication provider types: Internal, SAML, or OpenID Connect. The appropriate option depends on whether your organization uses an external identity provider and how you want to manage user identities.
If you use an external identity provider, you must also choose how system user accounts are provisioned, either automatically through SCIM or manually.
Benefits of SSO
- Works with any SAML 2.0 or OpenID Connect identity provider, including Microsoft Entra ID, Google, Auth0, and AppleConnect.
- System users sign in with their existing organisation credentials. No separate HP Insights passwords to remember.
- Credentials stay in the identity provider. HP Insights doesn't store or manage passwords for SSO-enabled users.
Choose an Authentication Provider
Find the row that matches your situation. The provider type and provisioning method together determine where you configure SSO and how user accounts are managed.
If your organisation doesn't have an identity provider, use Internal authentication — it's the default and needs no configuration. See Internal authentication for system user login.
| Authentication provider | Provisioning | When to use it | Where it's configured |
|---|---|---|---|
| SAML 2.0 or OpenID Connect with SCIM | Automatic | You have an identity provider and want user accounts, roles, and group membership managed there automatically. Choose SAML if your org already has SAML in place. Choose OIDC for modern cloud IdPs like Entra ID or Google. | Account Settings > Settings > Admin SSO (wizard with links to each step). Step 1 takes you to User Authentication Providers on the same Settings page, shared with print user authentication. |
| SAML 2.0
(Legacy SSO) |
Manual | You have SAML in place but have a small team and don't need automated provisioning. You'll create and manage system users manually. | Account Settings > Single Sign-on Configuration. Create and invite system users manually in Users > System Users. |
| OpenID Connect
(Legacy SSO) |
Manual | You're on a modern cloud IdP and have a small team. No automated provisioning needed and no certificate rotation to manage. | Account Settings > Single Sign-on Configuration. Create and invite system users manually in Users > System Users. |
Note: Admin SSO (SCIM) and Legacy SSO can't be active at the same time. When Admin SSO is enabled, the Single Sign-on Configuration tab is visible but inactive and shows "This feature is not applicable."
Where to go next
| Authentication provider | Provisioning | Go to |
|---|---|---|
| SAML 2.0 or OpenID Connect | Automatic (SCIM) | Configure Admin SSO with SCIM |
| SAML 2.0 | Manual (Legacy) | Configure SAML for system user login |
| OpenID Connect | Manual (Legacy) | Configure OpenID Connect for system user login |