Configuring SSO options
You can configure single sign-on (SSO) to allow your users to log in using your organization's identity provider without generating a separate ChartHop password. While it is optional, we recommend that you require SSO, as it's easier and safer for your users.
ChartHop supports using one SAML-based identity provider at a time, as only one SSO metadata file can be associated with your ChartHop account. Because Google SSO does not use SAML 2.0, it is possible to enable Google SSO in addition to a SAML-based identity provider.
If you want to use a SAML 2.0 identity provider that is not listed here, contact ChartHop support for assistance.
When you enable SSO, you can upload your SSO metadata file and customize your SSO login button image.
ChartHop supports the following Identity providers:
SSO Option | Description |
Enables Google SSO login. Recommended if your organization uses G Suite. Can be used in conjunction with an additional SAML 2.0-based SSO configuration. | |
Microsoft | Enables Microsoft SSO login. Recommended if your organization uses Azure Active Directory. |
Okta | Enables Okta SSO login. Recommended if your organization uses Okta. |
OneLogin | Enables OneLogin SSO login. Recommended if your organization uses OneLogin. |
Azure Active Directory | Enables Azure SSO login. Recommended if your organization uses Azure Active Directory. |
ADP | Enables ADP SSO login when ChartHop is connected to ADP via the ADP Marketplace app. |
If you choose not to use SSO to manage user logins, you also have the option to use standard password logins.
For security reasons it is generally not recommended to use both SSO and password login unless you have users from outside your organization who lack SSO to sign in.
You have the option to restrict the password login from specific IP addresses. If you would like to do so, add the IP addresses in the Only allow password-based login from specific IPs (comma-separated) input.
Note that this only applies to password login, so users with SSO will be able to login from any IP address.