HackerOne

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for HackerOne using SAML.

About HackerOne

HackerOne is a bug bounty and vulnerability coordination platform. The HackerOne app helps organizations to determine and mitigate their critical software vulnerabilities.

After integrating HackerOne with Oracle Identity Cloud Service:

  • Users can access HackerOne using their Oracle Identity Cloud Service login credentials.
  • Users can start HackerOne using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the HackerOne app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • A HackerOne account with authorization rights to configure federated authentication.

Configuring the HackerOne App in Oracle Identity Cloud Service

Use this section to register and activate the HackerOne app, and then assign users to the app.

Registering and Activating the HackerOne App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for HackerOne, click Add, and then click Next.

  4. Click Download Identity Provider Metadata.

    Tip: Use this file later during the HackerOne configuration in the "Configuring SSO for HackerOne" section.

  5. Click Download Signing Certificate.

    Tip: Use this file later during the HackerOne configuration in the "Configuring SSO for HackerOne" section.

  6. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  7. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the HackerOne App

  1. On the HackerOne app page in Oracle Identity Cloud Service, select Users, and then click Assign. The Assign Users window appears.

  2. Select users that you want to assign to HackerOne, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the HackerOne app is assigned to the users that you selected.

    Note: The HackerOne app can be accessed by a user who is assigned to the HackerOne app in Oracle Identity Cloud Service, even if the user does not have a HackerOne account.

Configuring SSO for HackerOne

  1. Access HackerOne as an administrator using the URL: https://hackerone.com/users/sign_in. The HackerOne home page appears.

  2. In the upper-right corner, click the drop-down list, and then click Settings under your company name.

  3. Click Authentication, and then click Add SAML settings.

  4. Use the table to update the federated authentication attributes, and then click Save.

    This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration.
    Attribute Settings
    Email Domain Enter your email domain.
    Single Sign On URL Enter the Single Sign On URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso.
    X.509 Certificate Paste the certificate that you downloaded during HackerOne registration in Oracle Identity Cloud Service. See the "Registering and Activating the HackerOne App" section.
  5. Click Run test. This launches a new window that allows a test login.

  6. After your test login succeeds, you can request approval of your settings. Click Request Verification.

  7. Your SAML configuration is reviewed and verified from the HackerOne team. A notification is sent after a successful verification.

  8. After HackerOne approves your request, click Migrate Users, and then SAML is enabled for your users.

    Notes:

    • To update the SAML configuration, please contact the HackerOne team.
    • Enabling SSO deactivates the ability to log in using the HackerOne user name and password. Remain logged in to the HackerOne session until you complete the next section to verify that Identity Provider initiated SSO from Oracle Identity Cloud Service works.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP initiated SSO) or from HackerOne (SP initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the HackerOne app. Oracle Identity Cloud Service displays a shortcut to HackerOne under My Apps.

  3. Click HackerOne. The HackerOne home page appears.

  4. Confirm that the user that is logged in is the same for both HackerOne and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from HackerOne

  1. Access HackerOne using the URL: https://hackerone.com/users/sign_in.

  2. Enter your email address, and then click Sign in. You are redirected to the Oracle Identity Cloud Service login page.

  3. Log in using credentials for a user that is assigned to the HackerOne app. The HackerOne home page appears.

  4. Confirm that the user that is logged in is the same for both HackerOne and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from HackerOne works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Oracle Identity Cloud Service displays the message, “You are not authorized to access the app. Contact your system administrator." or “There is a problem with your account. Please contact Support."

Cause: The SAML 2.0 integration between the Oracle Identity Cloud Service HackerOne app and HackerOne is deactivated.

Solution:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then HackerOne.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.
Oracle Identity Cloud Service displays the message, “You are not authorized to access the app. Contact your system administrator."

Cause: The administrator revokes access for the user at the same time that the user tries to access the HackerOne app using Oracle Identity Cloud Service.

Solution:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select HackerOne.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.