Azure AD - Single Sign-On

SSO Self Service

The Emply platform is built for Emply's customers to set up their SSO themselves using the SAML method, without having to contact Emply Support.

Requirements

  • You have the address of your metadata
  • Permission to access and change your ADFS settings
  • Knowledge of how to set claims for your AD
  • Microsoft Azure P2 or Microsoft Azure E5*

*Make sure you can activate Single Sign-On with your Microsoft solution. Plans may have changed since this guide was written, so you should check Microsoft's license plans.

Preparation

Make sure that your IT consultant has a user role / access to Emply - integrations 

 -> Create an "IT" role in Emply.

Your HR department or Emply Customer relations can create roles and give the IT consultant user access.


How to set-up Single Sign-on

  1. Log in to your Microsoft Azure as administrator -> Portal


  • Go to Enterprise Applications, or create an Enterprise application directly from the shortcut
  • Choose Non-Gallery and name it Emply or similar

 

  • Add users / groups - It's important that all users that need access to Emply are added here!

 

  • Next, choose Single Sign-On in the menu
  • Choose SAML

 

  • Box 1 - Basic SAML Configuration - Set Address to your Emply URL (company.emply.com)
  • Box 3 - SAML Signing Certificate
  • Copy the federation metadata URL and log in to Emply


  • Use administrator or IT role with permissions to integrations
  • Navigate to Settings -> Integrations
  • Activate Single Sign-On using SAML


Emply SAML 2.0 federation metadata URL

Copy this and use it for creating Emply as ”Relying Party Trust” on your ADFS server

SAML 2.0 federation metadata URL

  1. Customer metadata URL – paste the URL of your public metadata, for example https://saml.company.com/federationmetadata.xml
  2. Microsoft Example: https://adfs.suffix/FederationMetadata/2007-06/FederationMetadata.xml

Default user role
This must be set to the role that has the fewest rights – the role at the bottom of the list – most often "Recruitment Team" or "Employee" (if you have the Talent Management module activated).

Require single sign-on
If this is activated, you will only be able to log in to Emply from your local network or through VPN

Show claims from SAML server
Optional – if activated it can be used for troubleshooting
– Remember to deactivate again

Troubleshooting

If you encounter problems logging in after following this guide to set up SSO, switch on "Show claims from SAML server" in Emply.

Also make sure that your ADFS is showing claims for user name and email - read more here:

 
 