SAML Single sign-on

How to add SAML SSO to your company account

Mio Mattsson avatar
Written by Mio Mattsson
Updated over a week ago

Click here for instructions for Google Workspace, here for the Microsoft Azure AD app and go here for AlexisHR's Okta app. If you need any assistance, please book a meeting with your Customer Success or write us in the chat.


  • You need to be an Owner in AlexisHR to enable SSO

  • Make sure your account plan allows you to use SSO

Supported Features

  • IdP-initiated SSO

  • SP-initiated SSO (See note)

Note: By default and when following the instructions below IdP-initiated SSO is enabled in AlexisHR. To enable SP-initiated SSO, follow the below set steps and then contact your Customer Success or write us in the chat.

Procedure - How to set up SSO via SAML 2.0

You will have to locate this information in your specific identity provider (IdP).

  • SSO URL: URL at the IdP to which SAML authentication requests should be sent. This is often called an SSO URL.

  • Logout URL*: URL at the IdP to which SAML logout requests should be sent. This is often called a logout URL, a global logout URL, or a single logout URL (see note).

  • Public x509 certificate: Certificate needed to validate the signature of the authentication assertions that have been digitally signed by the IdP. There should be a place to download the signing certificate from the IdP. If the certificate is not in .pem or .cer format, you should convert it to one of these formats.

    *This feature is currently not fully implemented in AlexisHR but is still a required field due to limitations in our 3rd party vendor (Auth0).

    Go to Settings -> SAML Single sign-on and enter the information

    You will receive the following information:

  • Audience URI

  • Assertion Consumer Service URL (ACS URL)

Copy this information and add it to your IdP

Setting up SSO in your IdP

  • Signed Response: Can be set to true (optional)

  • Name ID format: Email or Unspecified

  • Name ID: should be set where the users work email is stored

  • IdP Work Email attribute: should be mapped to email

Did this answer your question?