Single sign-on with ProConnect or Pro Santé Connect

The SSO feature is enabled on Advanced and Ultimate plans, and is otherwise available as an add-on.

Huwise allows access to your workspace to be managed through a single sign-on (SSO) authentication solution, and currently supports the OpenID Connect and SAML 2.0 protocols.

For information on how to map your SSO groups to your Huwise groups, see here.

Beyond the technical setup, using these French government connectors requires a formal authorization:

• DataPass authorization: Customers must obtain a DataPass authorization using Huwise’s specific DataPass identifier. This process establishes the necessary legal and technical contract between your organization, Huwise, and the French government authorities.

• Get support: This process involves specific administrative steps. Please contact your Customer Success Manager (CSM) to obtain the Huwise identifier and receive guidance on submitting your DataPass application. For more information, visit https://esante.gouv.fr/ens/offre/pro-sante-connect or https://esante.gouv.fr/ens/offre/pro-sante-connect.

The setup for ProConnect and ProSantéConnect follows the same logic as a standard OpenID Connect (OIDC) provider. If you are not familiar with the OIDC setup process, please first read our OIDC guide.

Below are the specific requirements and settings unique to these French government connectors.

Here, you must select the URL issuer corresponding to the environment you wish to use.

Single instance limitation: You can only have one active instance of each specialized provider at a time. You cannot run "Test" and "Production" environments simultaneously for the same connector.

Pro Connect

Choose the appropriate URL based on your current setup phase:

• Use this for your live portal: https://auth.agentconnect.gouv.fr/api/v2

• Test/sandbox: https://fca.integ01.dev-agentconnect.fr/api/v2

Pro Santé Connect

Select the endpoint provided by the ANS:

• For official healthcare professional authentication (CPS/e-CPS): https://auth.esw.esante.gouv.fr/auth/realms/esante-wallet

• Test/sandbox: https://auth.bas.psc.esante.gouv.fr/auth/realms/esante-wallet

After completing the wizard, additional settings are available in the Configuration tab. While these connectors are specialized and largely pre-filled, some settings require manual verification

To ensure that user profiles are correctly populated without manual input, the following attributes are automatically handled:

• Additional Claims: We automatically map usual_name (Nom d'usage) and given_name (Prénom) from the French identity provider's payload.

• Benefit: This ensures the user's name and surname display correctly on the portal from their first login.

During your setup, pay close attention to the following toggle:

• Accept login for users whose email has not been verified. For test environments, we recommend setting this to True. This is often necessary because test accounts in the French government "Sandbox" environments do not always have verified email flags.

When using ProConnect or ProSantéConnect, the login interface must strictly adhere to the official French government design guidelines:

• Fixed branding: To remain compliant with French regulations, you cannot modify the logo or the login label for these specific providers.

• Visual consistency: The "S'identifier avec ProConnect" and "Pro Santé Connect" buttons are standardized so users immediately recognize the trusted, state-approved authentication method.