SAML Single sign-on

How to add SAML SSO to your company account

Written by Mio Mattsson
Updated over 2 months ago

Click here for instructions for Google Workspace, here for the Microsoft Azure AD app and go here for AlexisHR's Okta app. If you need any assistance, please book a meeting with your Customer Success or write to us in the chat.

SAML

Security Assertion Markup Language, or SAML, is a standardized way to tell external applications and services that a user is who they say they are. SAML makes single sign-on (SSO) technology possible by providing a way to authenticate a user once and then communicate that authentication to multiple applications.


Prerequisites

  • You need to be an Owner in AlexisHR to enable SSO

  • Make sure your account plan allows you to use SSO

Supported Features

  • IdP-initiated SSO

  • SP-initiated SSO (See note)

Note: By default, and when following the instructions below, IdP-initiated SSO is enabled in AlexisHR. To enable SP-initiated SSO, follow the steps below and then contact your Customer Success or write to us in the chat.

Procedure - How to set up SSO via SAML 2.0

You will have to locate this information in your specific identity provider (IdP).

  • SSO URL: URL at the IdP to which SAML authentication requests should be sent. This is often called an SSO URL.

  • Logout URL*: URL at the IdP to which SAML logout requests should be sent. This is often called a logout URL, a global logout URL, or a single logout URL (see note).

  • Public X.509 certificate: Certificate needed to validate the signature of the authentication assertions that have been digitally signed by the IdP. There should be a place to download the signing certificate from the IdP. If the certificate is not in .pem or .cer format, you should convert it to one of these formats.

*This feature is currently not fully implemented in AlexisHR, but it is still a required field due to limitations in our third-party vendor (Auth0).
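The certificate conversion mentioned above can be done with a few lines of Python. This is an added example, not AlexisHR's or Auth0's code: it accepts a certificate as binary DER, PEM, or bare base64, writes it out as PEM, and computes a SHA-256 fingerprint you can compare with the value your IdP or another tool reports for the same certificate. The function names and the sample bytes are assumptions made for the illustration.

```python
import base64
import binascii
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)

# Constructed stand-in bytes for the demo (NOT a real certificate): a DER
# SEQUENCE header followed by filler, enough to exercise the format handling.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))


def to_der(raw: bytes) -> bytes:
    """Accept binary DER, PEM, or bare base64 and return DER bytes."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        der = raw  # non-ASCII input: treat as binary DER
    else:
        match = PEM_BLOCK.search(text)
        body = match.group(1) if match else text
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("input is neither PEM nor base64") from exc
    # Only the outer ASN.1 SEQUENCE tag is checked; this is a format sanity
    # check, not certificate validation.
    if der[:1] != b"\x30":
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    return der


def normalize_cert(raw: bytes):
    """Return (PEM text, colon-separated SHA-256 fingerprint)."""
    der = to_der(raw)
    pem = ssl.DER_cert_to_PEM_cert(der)
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return pem, fingerprint


if __name__ == "__main__":
    pem, fp = normalize_cert(SAMPLE_DER)
    print(pem)
    print("SHA-256 fingerprint:", fp)
```

To use it on a real file, pass the file's bytes (read in binary mode) to `normalize_cert` and save the returned PEM text with a `.pem` extension.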

Go to Settings -> SAML Single sign-on and enter the information.

You will receive the following information:

  • Audience URI

  • Assertion Consumer Service URL (ACS URL)

Copy this information and add it to your IdP

Note: In Azure you need to provide the Audience URI and Assertion Consumer Service URL before being able to download the certificate. To get around this, fill in the form in Azure with dummy values, generate the key, and then correct the dummy values in Azure.

Setting up SSO in your IdP

  • Signed Response: Can be set to true (optional)

  • Name ID format: Email or Unspecified

  • Name ID: should be set to where the user's work email is stored

  • IdP Work Email attribute: should be mapped to email
