Skip to main content

HashiCorp Cloud SAML integration

Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only they know or have access to.

HashiCorp Cloud is a software company with a freemium business model based in San Francisco, California. HashiCorp Cloud provides tools and products that enable developers, operators and security professionals to provision, secure, run and connect cloud-computing infrastructure.

Arculix by SecureAuth offers a simple method for adding single sign-on (SSO) MFA to HashiCorp Cloud through its SAML solution.


  • Configured Arculix instance and user account with administrative privileges for Arculix.

  • Configured Arculix LDAP Agent.

    For more information, see the Arculix LDAP Agent deployment guide.

  • User account with administrative privileges for HashiCorp Cloud.

HashiCorp Cloud configuration

In this section, you'll configure HashiCorp Cloud as a service provider (SP).

  1. Download the SAML metadata and certificate for your organization from Arculix.

    Metadata download:<myorganization>/saml/download/metadata

    View metadata:<myorganization>/saml/metadata

    Certificate download:<myorganization>/saml/download/cert

  2. Log in to your HashiCorp Cloud tenant as an administrator.

    Go to Project settings and click Go to organization settings

  3. Go to SSO and click Configure SSO for your organization.

  4. The Setup SAML SSO page appears. Do the following:

    1. Use the verification record from HashiCorp to create a DNS TXT record for your domain.

      For more information on DNS TXT records, see How to create a DNS TXT record.

    2. In the Enter domain section, enter your organization's domain and click Verify domain.

      If the verification is successful, you may proceed with the SSO configuration. If the request fails, your changes to the DNS records may not have taken effect yet. This can take up to 72 hours.

    3. Copy the SSO Sign-on URL and SAML Entity ID for Arculix configuration.

  5. In the Finalize SSO Settings section, set the following:

    SAML IDP Single Sign-ON URL

    Enter the Arculix Single Sign-On URL found in the Arculix metadata.

    SAML IDP Certificate

    Enter the Arculix Certificate found in the Arculix metadata.

  6. Click Save.

Arculix SAML configuration as an Identity Provider (IdP)

In this section, you'll add an application for HashiCorp Cloud and set the SAML configuration settings. This will be the Identity Provider (IdP) side of the configuration.

  1. Log in to Arculix with an administrative account and go to Applications.

  2. Click Create New Application.

    Create new application
  3. In the New Application form, on the General tab, set the following configurations:


    Set the name of the application. This is the name to display for push notifications, in the Admin panel, Application portal, and audit logs.

    For example, HashiCorp Cloud.


    Set to SAML Service Provider.

    Out of Band Methods 

    Select the allowed methods end users can choose to approve MFA requests.

    For example, Arculix Mobile app (push notifications), SMS, or Security Key.

    Message for MFA Requests 

    Optional. Type a message displayed to end users when sending an MFA request via push notification, SMS, or email.

  4. Select the SAML Service Provider Configuration tab, and set the following configurations:

    Issuer or Entity ID 

    Enter the SAML Entity ID provided in the HashiCorp Cloud SAML configuration section.

    For example, urn:HashiCorp Cloud :HCP-SSO-000-samlp

    Log in URL 

    Enter the SSO Sign-on URL provided in the HashiCorp Cloud SAML configuration section.

    For example, https://auth.HashiCorp Cloud .com/login/callback?connection=HCP-SSO-0000-samlp

    NameID Format 

    Set to Email Address.

    Name Identifier 

    Set to Email.

    ACS URL 

    Enter the SSO Sign-on URL provided in the HashiCorp Cloud SAML configuration section.

    For example, https://auth.HashiCorp Cloud .com/login/callback?connection=HCP-SSO-0000-samlp


    Set to RSA-SHA256.

  5. In the Asserted Attributes section, set the following values:

    Friendly Name



    Name Format




  6. Save your changes.

Test your application integration

  1. Go to your HashiCorp Cloud account subdomain and select login by Arculix.

  2. You will be redirected to the Arculix SSO page.

    Application login page with QR code
  3. After successful authentication, select your preferred MFA method to approve access to the HashiCorp Cloud application.

    Select MFA method
  4. Finally, you will be redirected to your HashiCorp Cloud page.


If you have questions or need assistance, contact SecureAuth Support.


Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.


All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the SecureAuth Corporation.

Microsoft and Active Directory are either registered trademarks or trademarks of Microsoft and/or one or more of its subsidiaries in the United States and/or other countries.