AD FS - Single Sign-On

SSO Self Service

The Emply platform is built for Emply's customers to set up their SSO themselves using the SAML method, without having to contact Emply Support.

Requirements

You have the address (URL) of your federation metadata

Permission to access and change your ADFS settings

Knowledge of how to set claims for your AD 

Preparation

Make sure that your IT consultant has access to Emply integrations 

 -> Create an "IT role" in Emply.

Your HR department has to create the role and give the IT consultant access.

Setting up in Emply

  • Log into your Emply solution.
  • Go to Settings and then Integrations.

Activate Single Sign-On


  1. SAML 2.0 federation metadata URL
    1. Customer metadata URL – paste the URL of your public metadata, e.g. https://saml.company.com/federationmetadata.xml
    2. Microsoft example: https://adfs.suffix/FederationMetadata/2007-06/FederationMetadata.xml
  2. Emply SAML 2.0 federation metadata URL
    Copy this and use it when creating Emply as a "Relying Party Trust" on your AD FS server.

  3. Default user role
    This must be set to the role that has the fewest rights, the role at the bottom of the list, most often "Recruitment Team" or "Employee" (if you have the Talent Management module activated).

  4. Require single sign-on
    If this is activated, you will only be able to log in to Emply from your local network or through VPN.

  5. Show claims from SAML server
    Optional. If activated, it can be used for troubleshooting.

 

Configure your AD FS

In Server Manager, click Tools, and then select AD FS Management.

Under Actions, click Add Relying Party Trust.


On the Welcome page, choose Claims aware and click Start.


On the Select Data Source page, click Enter data about the relying party manually, and then click Next.

Insert the Emply SAML 2.0 federation metadata URL.

On the Specify Display Name page, type a name in Display name, under Notes type a description for this relying party trust, and then click Next.


Choose Access Control Policy


Summary


Your Emply federation metadata URL should be shown.

Finish

Emply is added as a Relying Party Trust.

Edit Claim Issuance Policy for Emply


Add rule

LDAP Attributes as Claims


Configure Claim Rule


Choose E-Mail-Addresses (LDAP and outgoing).

Click Apply and OK.

Test your login on your [customer].emply.com solution

The AD user also has to be a user in Emply.