How to Configure SAML 2.0 for hCaptcha

Read this before you enable SAML

Enabling SAML will affect all users who use this application, which means that users will not be able to sign in through their regular log in page. They will only be able to access the app through the Okta service.

Backup URL

hCaptcha does not provide a backup log in URL where users can sign in using their normal username and password. You can contact hCaptcha Support (support@hcaptcha.com) to turn off SAML, if necessary.


Supported Features

The Okta/hCaptcha SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Contact the hCaptcha Support team (support@hcaptcha.com) and request that they enable SAML 2.0 for your account.

  2. Include the following IDP Metadata with your request:

    Sign into the Okta Admin dashboard to generate this value.

  3. The hCaptcha Support team will process your request and will provide you with the Organization ID.

  4. In Okta, select the Sign On tab for the hCaptcha SAML app, then click Edit:

    • Configured SAML Attributes: Select the appropriate filter from the dropdown menu for the groups attribute, then type the preferred value into the field.

      Note: To send all groups a user is assigned to, select Matches regex and type .* (dot and asterix).

    • Scroll down to ADVANCED SIGN-ON SETTINGS.

    • Enter your Organization ID provided to you by hCaptcha into the corresponding field.

    • Click Save:

    Configure SAML attributes in Okta, also add Organization ID in Okta

  5. Now you can start assigning people to the application.

  6. Done!


The following SAML attributes are supported:

SP-initiated SSO

  1. Go to https://dashboard.hcaptcha.com/org/[your-Organization-ID]/login

  2. Click Sign in with SAML.