To configure single sign-on via SAML, you need to verify domain ownership for your program.
To verify your domain:
Go to Organization Settings > Authentication > Verified Domains.
Click Add verified domain.
Enter the domain name you want to verify in the Domain name field.
Choose the Verification Method of your domain. You can choose from:
Note: Use only the part of the domain name used in the email address of the users that will be logging in. For example: if an email address looks like
acme.comas a domain name.
Click Add domain.
Follow the instructions on the page to allow HackerOne to verify you have ownership over the domain. Instructions will vary depending on the verification method you chose in step 4 above. You'll have to go to your DNS provider to manage settings on the domain.
Here's an example of using the DNS TXT record on Cloudflare to allow HackerOne to verify your domain:
Note: when using Amazon Route53 the
@character isn't used. You can just leave the name value empty.
Once your domain is successfully verified, the status of your domain will be changed to Verified. You can continue to set up your SAML settings.
If your verification has failed, you can choose to Cancel verification.