Search

Single Sign-On (SSO) - AD FS

This is a guide to setting up the SSO integration. TheEmply People platform is built so you as an Emply People customer can set up SSO using the SAML method, without having to contact Emply People Support.

Requirements for the setup

  • Federation metadata URL.

  • Right and access to change your AD FS configuration.

  • Knowledge of how to set claims of your AD.

Make sure your IT staff has access to Settings+Integrations .

Create an 'IT' role in Emply People under Settings+Account+Roles+New role and enter the title and select IT under Import settings.

IT.png

Setup in Emply People

Usually, the HR department or the platform administrator(s) can set up rights and roles. Log into your Emply People solution and go to Settings+Integrations find the Single Sign On integration and click on Activate.

mceclip0.png

Preparation for setup

A new window will open as shown below:

Skærmbillede 2024-01-30 kl. 10.34.42.png

Copy the Emply People SAML 2.0 Federation Metadata URL. This will be used when setting up Emply People as Relying Party Trust on your ADFS server/provisioning tool.

  • 21076111267229-mceclip1.png

    • Default user role: Should the role with the fewest rights, which is usually Recruitment team. If you have Onboarding or Talent Management, this should be Employee.

    • Require signle sign-on: If this is enabled, you can only log in from your own domain/IP or via VPN.'

    • Show claims from SAML server: Turn on test mode while setting up/troubleshooting if you encounter problems after setting up. This mmust be turned off again afterwards.

AD FS setup

  1. Open AD FS and go to Server Manage.

  2. Click on Tools.

  3. Choose AD FS Management.

  4. Under Actions, click on Add Relying Party Trust..

    ADFS1.png

  5. In the Welcome tab, choose Claims aware and then click Start.

    ADFS2.png

  6. In the Select Data Source tab, insert the Emply People SAML 2.0 Federation Metadata URL.

  7. Click on Next

    ADFS4.png
    ADFS3.png

  8. In the next tab called Specify Display Name, enter a name in the field Display Name.

  9. Under Notes, you can enter a description of your Relying Party Trust and then click on Next.

  10. Under Choose Access Control Policy, choose who should have access.

    ADFS5.png

  11. Under Ready to Add Trust, you will have the opportunity to review the settings. Your Emply People federation metadata URL should appear.

  12. To add the Relying Party Trust, click Next.

    ADFS6.png

  13. You will then see the Finish tab where you can click on Close.

    ADFS7.png

  14. Emply People is now added as a Relying Party Trust, it can be found in the Relying Party Trust folder.

    ADFS8.png

Setting up the claim rule

  1. In the Relying Party Trust folder, click on Edit Claim Issuance Policy for Emply People.

  2. Here you click Add rule and continue by clicking Ok.

    ADFS9.png

  3. The Choose Rule Type tab will open and choose Send LDAP Attributes as Claims.

  4. Click on Next to continue.

    ADFS10.png

  5. The Configure Claim Rule tab, where you can choose E-mail-Addresses for both LDAP Attribute and Outgoing Claim Type.

  6. Click on Finish.

    ADFS11.png

  7. You will be redirected to Edit Claim I Policy for IssuanceEmply People. Click on Apply+OK.

You can now test your login on your [customer].emply.com solution.

Important

Be aware that the AD user should also be a user in Emply People.

Trouble shooting

  • Test on your login on the Emply People website.

  • AD user must also be a user in Emply People.

  • Set up claims in the SSO application.

    Skærmbillede 2024-01-16 kl. 11.13.38.png

  • Log in with the user and, in case of error, a message similar to the one below will appear. Fix the issue and remember to disable claims in my Emply People on SSO.

    Screenshot_2022-10-13_at_10.52.56.png

Was this article helpful?

Related articles

Was this article helpful?

Want to get in touch?

We got you. Fill out a request and we'll get back to you as soon as possible.

Submit a request