This Knowledge Base article will explain how to get started and configure SSO for your enableHR account.
Due to the technical nature of the SAML configuration, we are here to help as much as possible to get you started. However, don’t forget that your Identity Provider is your own system, so there are some things we will do our best to support you with but that are ultimately out of our hands.
Step 1: Set up enableHR as a service provider
Before you get started, you’ll need to set up enableHR as a Service Provider in your Identity Provider. We have guides to do this for common providers (G-Suite, Active Directory and ADFS or Azure Active Directory), but your own configuration and setup might be different from what we have in those guides. Once you’ve done that, you’ll need to grab the Federation Metadata from your IdP.
Guides for setting up enableHR as a service provider for:
Please Note: For clients planning to use Microsoft Azure for Single Sign On, please be aware that there may be additional costs involved with upgrading your Azure subscription to the Premium offering before SAML Single Sign On is made available for Azure.
Step 2: Switch on SSO
After you have set up enableHR as a Service Provider, you can switch on enableHR’s SSO and enhance the experience for all your users. Follow the steps below:
1. Log in to your account as an Account Administrator (this is usually the person who signed up for the enableHR account in the first place, although they may have given access to other users).
2. Click through Account Settings to the Security -> SSO tab
3. From this screen you’ll need to do the following in order:
- Enable SSO for your account (you can also come back here to turn it off);
- Provide the federation metadata;
- Choose how you want to authenticate your users;
- Choose how new user access is provisioned;
- Specify the login URL for your application (in case the user needs to be asked to authenticate again).
4. If you want to use full authentication and authorisation with your IdP being the source of truth, you’ll also need to reach out to our Client Experience team who will work with you on mapping access between the two systems.