Harvestr

In this article, you will learn to set up various authentication methods for Harvestr, including SAML-based Identity Providers (Google Workspace, Microsoft Azure, Okta, etc.), as well as standard Google and Microsoft SSO. Additionally, you’ll find instructions for managing and turning authentication methods on or off to suit your workspace needs.

a Harvestr subscription (Elite for SAML SSO only)

access to your Identify Provider configuration

- a Harvestr subscription (Elite for SAML SSO only)
- an Editor account
- access to your Identify Provider configuration

Harvestr provides flexibility in choosing the authentication methods that best suit your team’s needs. You can enable, disable, or prioritize methods as follows:

Access the <a href="https://app.harvestr.io/settings/project" rel="nofollow noopener noreferrer" target="_blank">Organization Settings</a> section in Harvestr.

View the list of available authentication methods: Email/Password, Google SSO, Microsoft SSO, SAML SSO.

Use the toggle next to each method to turn it on or off (see below for SAML SSO)

1. Access the <a href="https://app.harvestr.io/settings/project" rel="nofollow noopener noreferrer" target="_blank">Organization Settings</a> section in Harvestr.
2. View the list of available authentication methods: Email/Password, Google SSO, Microsoft SSO, SAML SSO.
3. Use the toggle next to each method to turn it on or off (see below for SAML SSO)

Authorizing Multiple Domains for Google and Microsoft SSO

By default, when using standard Google and Microsoft logins, only the domain of the email address used to create your Harvestr workspace is authorized for SSO. To enable access for additional domains, contact our support team.

Setting up SSO with Okta, Google, Azure AD

Here are articles explaining how to set up SAML for specific Identity Providers:

<a href="https://support.harvestr.io/en/articles/7174212-set-up-sso-with-google-workspace">Google Workspace</a>

<a href="https://support.harvestr.io/en/articles/11694034-set-up-sso-with-entra-id-azure-ad">Entra ID (formerly Azure AD)</a>

- <a href="https://support.harvestr.io/en/articles/7174212-set-up-sso-with-google-workspace">Google Workspace</a>
- <a href="https://support.harvestr.io/en/articles/9067729-set-up-sso-with-okta">Okta</a>
- <a href="https://support.harvestr.io/en/articles/11694034-set-up-sso-with-entra-id-azure-ad">Entra ID (formerly Azure AD)</a>

To configure SAML-based SSO for Harvestr with any other Identity Provider:

In your IdP admin console, create a new SAML 2.0 application (often “Custom SAML” or “SAML 2.0 Connector”).

In your SAML app settings, set the SP (Service Provider) parameters as per Harvestr’s SAML-SSO settings — including ACS URL (Assertion Consumer Service URL) and SP Entity ID.

Define the NameID (typically user email) to match what Harvestr expects.

Export the IdP metadata (XML) or copy the metadata URL, then upload it into Harvestr’s SSO configuration.

Assign the SAML app to user groups or users in your IdP so only authorized users can log in.

- In your IdP admin console, create a new SAML 2.0 application (often “Custom SAML” or “SAML 2.0 Connector”).
- In your SAML app settings, set the SP (Service Provider) parameters as per Harvestr’s SAML-SSO settings — including ACS URL (Assertion Consumer Service URL) and SP Entity ID.
- Define the NameID (typically user email) to match what Harvestr expects.
- Export the IdP metadata (XML) or copy the metadata URL, then upload it into Harvestr’s SSO configuration.
- Assign the SAML app to user groups or users in your IdP so only authorized users can log in.

Once complete, your users will be able to authenticate into Harvestr using your corporate identity provider.

Harvestr sends its SAML AuthnRequest using the HTTP-Redirect binding. Your Identity Provider must therefore expose a <code>SingleSignOnService</code> endpoint that supports this binding in its metadata.

When you export your IdP metadata, make sure it contains an entry similar to:

&lt;md:SingleSignOnService    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"    Location="https://your-idp.com/sso/redirect-endpoint" /&gt;

If this line is not present, you may need to enable or declare the Redirect binding in your IdP’s SAML application settings. After updating the configuration, re-export the metadata and upload it to Harvestr so the SSO flow completes successfully.

If you need help with the setup, please contact our support team.

Integrate Harvestr with SAML, Google, or Microsoft SSO and manage authentication settings

Setting up SSO for Harvestr

Terms and Conditions

Privacy Policy

Security

API Docs

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Setting up SSO for Harvestr

Prerequisites

Managing Authentication Methods

Authorizing Multiple Domains for Google and Microsoft SSO

Setting up SSO with Okta, Google, Azure AD

General SAML SSO setup (for any IdP)

About the HTTP-Redirect binding