enableHR is constantly trying to improve the ways for how SSO users can log in to enableHR. To date, enableHR allowed only IdP initiated flow but going forward enableHR will also support SP initiated flow. This means that SSO users instead of going to IdP providers, can come to enableHR login page and enter their username.
For SP initiated login to work, our Client Success team will work with the account administrator to obtain the primary domain from the email address that is used by the users for logging in. enableHR have added a new field under the SSO tab called ‘domain name’. This field will contain the domain name of the email address that is used by the SSO users to login. An example is gdclty.com. This domain name value can only be added by our Client Success team in the account configuration screen.
When SSO user enters the username and click on ‘Next’ button, enableHR have made certain changes on our end that will allow the authorization request to be sent to the Identity Provider for password and then the user will be authenticated on our end before logging in successfully.
So from now onwards, SSO users can also come to our login page and enter their username to log in successfully. Once the username is entered, our system will look into the domain name in the email address, if enableHR have that entry in any of our accounts enableHR will send the request to their IdP tool for validating credentials. Once successful, the user can log in without any issues.