Introduction and scope
This article is a guide to setting up the SSO integration. Emply is built so that you, as a customer, can set up the integration yourself using SAML.
Requirements for setup
Permission and access to modify your setup in Microsoft Entra ID.
Preparation for setup
Make sure that your IT consultant has the user role 'IT' in Emply and has the right to administer integrations.
Create an 'IT' role in Emply under Settings > Account > Roles > select 'New role' > enter title and select 'IT' under 'Import settings'.
Your HR department or Emply Customer Relations can create the role and give the IT consultant access to Emply.
NOTE: 'Nested Groups' are not supported.
Setting up Single Sign-On
Log in to Microsoft Entra ID as an administrator at https://portal.azure.com.
Go to Enterprise Applications:
Click on 'Add an application'.
Choose SAML 1.1 Token enabled LOB App:
Configuring SAML-based Sign-on
- Identifier, Reply URL and Sign-On URL are set to your domain
- Attributes & Claims are set as below
3. Copy 'App Federation Metadata Url':
Then log in to your Emply solution with an administrator / IT role. You may need to use this URL to log in: customer.emply.com/login.
Go to Settings > Integrations > find 'Single Sign-On using SAML' and click on Activate.
Paste the copied 'App Federation Metadata URL' under 'SAML 2.0 federation metadata URL', as shown in the screenshot below:
Select the lowest access level for the 'Default user role'. This is often 'Recruitment Team', which is last in the list.
For 'Requires Single Sign-On', you can select 'Not Required' or 'Required'. If you select 'Required', it is not possible for external consultants to log in.
Finally, press Activate at the bottom of the window.
Test from Microsoft Entra ID
Troubleshooting
If you have followed this guide and users still experience problems logging in, you can enable 'Show claims from SAML server' in the Single Sign-On app in Emply. You can then test the login again and get further information about what is going wrong with the SSO login.