SSO Self Service
The Emply platform is built for Emply's customers to set up their SSO themselves using the SAML method, without having to contact Emply Support.
- You have address to your metadata
- Permission to access and change your ADFS settings
- Knowledge of how to set claims for your AD
- Microsoft Azure P2 or Microsoft Azure E5*
*Make sure you can activate Single Sign-On with your Microsoft solution - plans may change since this guide have been written - you should check out your Microsoft license plans.
Make sure that your IT consultant has a user role / access to Settings > Integrations in Emply.
Create an "IT" role in Emply under Settings > Account > Roles.
Your HR department or Emply Customer relations can create roles and give the IT consultant user access.
How to set-up Single Sign-on
Login to your Microsoft Azure as administrator > Portal
- Go to Enterprise Applications or Create directly Enterprise application from shortcut
- Choose Non-Gallery - name it Emply or something
- Add users / groups - It's important that all users that need access to Emply are added here!
- Next choose Single Sign on in menu
- Choose SAML
- Box1 - Basic SAML Configuration - Set Address to your Emply URL (company.emply.com)
- Box 3 SAML signing Certificate
- Copy federation metadata url and login to Emply
- Use administrator or IT role with permissions to integrations
- Navigate to Settings -> Integrations
- Activate Single Sign-On using SAML
Emply SAML 2.0 federation metadata URL
Copy this and use it for creating Emply as ”Relying Party Trust” on your ADFS server
SAML 2.0 federation metadata URL
- Customer metadata URL – paste your URL to your public metadata. https://saml.company.com/federationmetadata.xml
- Microsoft Example: https://adfs.suffix/FederationMetadata/2007-06/FederationMetadata.xml
Default user role
This must be configured for the role that has the fewest rights – the role that’s in the bottom of the list - most often "Recruitment Team" or Employee (If you have Talent Management module activated).
Require single sign-on
If this is activated – you will only be able to login to Emply from your local net or through VPN
Show claims from SAML server
Optional – if activated it can be used for troubleshooting
– Remember to deactivate again
If you encounter problems when you login after have followed this guide setting up SSO - switch on claims from SAML server in Emply.
Also make sure that your ADFS is showing claims for user name and email - read more here: