SSO Self Service
The Emply platform is built for Emply's customers to set up their SSO themselves using the SAML method, without having to contact Emply Support.
You have the address of your metadata
Permission to access and change your ADFS settings
Knowledge of how to set claims for your AD
Make sure that your IT consultant has access to Emply integrations
-> Create an "IT role" in Emply.
Your HR department has to create and give the IT consultant access.
Setting up in Emply
- Log into your Emply solution.
- Go to Settings and then Integrations.
Activate Single Sign-On
- SAML 2.0 federation metadata URL
- Customer metadata URL – paste the URL to your public metadata, e.g. https://saml.company.com/federationmetadata.xml
- Microsoft Example: https://adfs.suffix/FederationMetadata/2007-06/FederationMetadata.xml
- Emply SAML 2.0 federation metadata URL
Copy this and use it to create Emply as a "Relying Party Trust" on your ADFS server.
- Default user role
This must be set to the role that has the fewest rights – the role at the bottom of the list – most often "Recruitment Team" or "Employee" (if you have the Talent Management module activated).
- Require single sign-on
If this is activated, you will only be able to log in to Emply from your local network or through VPN.
- Show claims from SAML server
Optional – if activated, it can be used for troubleshooting.
Configure your AD FS
In Server Manager, click Tools, and then select AD FS Management.
Under Actions, click Add Relying Party Trust.
On the Welcome page, choose Claims aware and click Start.
On the Select Data Source page, click Enter data about the relying party manually, and then click Next.
Insert the Emply SAML 2.0 federation metadata URL.
On the Specify Display Name page, type a name in Display name, under Notes type a description for this relying party trust, and then click Next.
Choose Access Control Policy
Your Emply federation metadata URL should be shown.
Emply is added as Relying Party Trust
Edit Claim Issuance Policy for Emply
LDAP Attributes as Claims
Configure Claim Rule
Choose E-Mail-Addresses (LDAP and outgoing)
Click Apply and then OK
Test your login on your [customer].emply.com solution
AD user has to be a user in Emply.
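The AD FS steps above can also be scripted and then verified from PowerShell. This is an added example, not Emply's own code. It assumes AD FS 2016 or later, imports the trust from the metadata URL rather than entering data manually, and uses a placeholder for the Emply metadata URL. The trust name, rule name and the built-in "Permit everyone" policy are also assumptions.

```powershell
# Added example: scripted equivalent of the AD FS wizard steps above.
# Run in an elevated PowerShell session on the primary AD FS server.
Import-Module ADFS

# Placeholder: paste the "Emply SAML 2.0 federation metadata URL" copied from
# Settings > Integrations in Emply. The real value is not shown on this page.
$EmplyMetadataUrl = '<EMPLY-FEDERATION-METADATA-URL>'
$TrustName        = 'Emply'            # display name (assumption, your choice)
$AccessPolicy     = 'Permit everyone'  # assumption: built-in policy; pick a stricter one if you use it

# Refuse a non-HTTPS source: endpoints and certificates are read from this document.
if ($EmplyMetadataUrl -notmatch '^https://') {
    throw 'Set $EmplyMetadataUrl to the HTTPS metadata URL shown in Emply.'
}

# Rule equivalent to the "Send LDAP Attributes as Claims" template with
# LDAP attribute E-Mail-Addresses mapped to outgoing claim type E-Mail Address.
$IssuanceRules = @'
@RuleName = "Send e-mail address to Emply"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";mail;{0}", param = c.Value);
'@

Add-AdfsRelyingPartyTrust -Name $TrustName `
    -MetadataUrl $EmplyMetadataUrl `
    -IssuanceTransformRules $IssuanceRules `
    -AccessControlPolicyName $AccessPolicy

# Read the trust back and confirm what was actually stored.
$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $trust.Enabled) {
    Write-Warning 'Trust exists but is disabled.'
}
if ($trust.IssuanceTransformRules -notmatch 'emailaddress') {
    Write-Warning 'No e-mail address claim rule found on the trust.'
}
$trust | Format-List Name, Identifier, Enabled, AccessControlPolicyName, IssuanceTransformRules
```

Compare the `Identifier` value in the output with the Emply federation metadata URL before testing the login.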