Click here for instructions for Google Workspace, here for the Microsoft Azure AD app and go here for AlexisHR's Okta app. If you need any assistance, please book a meeting with your Customer Success or write us in the chat.
You need to be an Owner in AlexisHR to enable SSO
Make sure your account plan allows you to use SSO
SP-initiated SSO (See note)
Note: By default and when following the instructions below IdP-initiated SSO is enabled in AlexisHR. To enable SP-initiated SSO, follow the below set steps and then contact your Customer Success or write us in the chat.
Procedure - How to set up SSO via SAML 2.0
You will have to locate this information in your specific identity provider (IdP).
SSO URL: URL at the IdP to which SAML authentication requests should be sent. This is often called an SSO URL.
Logout URL*: URL at the IdP to which SAML logout requests should be sent. This is often called a logout URL, a global logout URL, or a single logout URL (see note).
Public x509 certificate: Certificate needed to validate the signature of the authentication assertions that have been digitally signed by the IdP. There should be a place to download the signing certificate from the IdP. If the certificate is not in
.cerformat, you should convert it to one of these formats.
*This feature is currently not fully implemented in AlexisHR but is still a required field due to limitations in our 3rd party vendor (Auth0).
Go to Settings -> SAML Single sign-on and enter the information
You will receive the following information:
Assertion Consumer Service URL (ACS URL)
Copy this information and add it to your IdP
Setting up SSO in your IdP
Signed Response: Can be set to true (optional)
Name ID format: Email or Unspecified
Name ID: should be set where the users work email is stored
IdP Work Email attribute: should be mapped to email