Does the Highwire application integrate with Azure SAML SSO?


Highwire allows for integration with Microsoft Azure SAML Single Sign-On (SSO).

Simply stated, SAML (Security Assertion Markup Language) enables a user, authenticated on one system, to sign in to another system automatically, without typing a username or password. 

Specifically, Azure's integration provides SSO capacity as follows:

  • Users create a single set of credentials with MS Azure.
  • Azure users login to many applications, including Highwire, with these credentials.
  • Azure keeps users' login details separate from their Highwire usage data.

Azure never "sees" or records what actions are taken by a user within the Highwire application. The Azure integration only provides access to their Highwire account. Adding Azure as a login option means Highwire Administrators can manage users in a centralized location.

As part of client onboarding, Highwire engineers work directly with clients to ensure seamless SSO integration. For reference, a high-level overview of the integration process is provided below.


Highwire’s Common SSO Configuration

Generally, Highwire works with the client to determine the SSO type to implement. The configuration in Highwire is built on a per email domain basis, which tells the application how to authenticate a given user. Since specific implementation details (e.g., API calls) are subject to change, exact details will be discussed and disclosed at the time of implementation.

When a user enters their account email on the login page, the application determines what (if any) SSO configuration is set for the user's email domain. Upon lookup of this configuration, it will then send the user to the appropriate service for authentication.

Note that a Highwire user can have multiple SSO implementations because it can belong to several organizations, both client and contractor. With Highwire’s current implementation the configurations need to be either all OIDC or all SAML for example.


Azure Specific SSO Implementation

The second part of Highwire’s configuration is specific to the SSO provider, in this case, Microsoft Azure. 

Highwire’s Azure configuration code is securely stored in the Highwire application for easy reuse and implementation by a client who wants to implement SSO. As noted earlier, Highwire engineers work with the client to identify and implement SSO configuration specific to the client’s Azure account settings and email domain.

While Highwire’s application supports Azure SAML SSO, clients who use the Highwire Mobile application will require OIDC integration.