With single sign-on (SSO), your employees will be able to login with their existing company identity, and will not need to keep a separate set of login username/password for Leapsome. Leapsome integrates with any external system capable of acting as a SAML 2.0 identity provider.
What is SAML?
SAML (Security Assertion Markup Language) is a popular open standard for authentication and authorization between two parties. These parties are referred to as an identity provider, such as Microsoft Azure Active Directory, Okta, OneLogin, and a service provider application such as Leapsome. The user sign-in flow can be initiated both from the service provider website as well as directly from an identity provider’s app portal page.
Configuration
If your existing identity management system supports the SAML 2.0 protocol it can be configured as the single sign-on for Leapsome. Popular hosted services with SAML support include Google Workspace, Microsoft Azure Active Directory, Okta, OneLogin, and others. If you are using Google Workspace, please refer to this article to set up SSO.
Your account administrators can set up a single sign-on in your account under ' Settings' > 'Integrations' > 'Single Sign-On'. As the screenshot below shows, you will need to provide an SSO Login URL and a Base64 - encoded certificate.
When configuring the integration in your identity, make sure that your system provides the user's email address as user identifier/nameID. Leapsome also recognizes the attributes
- firstname (the employee's given name)
- lastname (not surprisingly, the employee's last name)
- title (the job title of the employee)
- picture (an URL to the employee's picture)
in the namespace http://schemas.xmlsoap.org/ws/2005/05/identity/claims/. Using these will allow you to point your employees directly to the login URL and populating relevant information when they sign in for the first time.
Please get in touch with our support team if you need any help.
Comments
0 comments
Please sign in to leave a comment.