With single sign-on (SSO), your employees can log in with their existing company identity and do not need to keep a separate username and password for Leapsome. Leapsome integrates with any external system capable of acting as a SAML 2.0 identity provider.
What is SAML?
SAML (Security Assertion Markup Language) is a popular open standard for authentication and authorisation between two parties. These parties are referred to as an identity provider (such as Microsoft Azure Active Directory, Okta or OneLogin) and a service provider application (such as Leapsome). The user sign-in flow can be initiated from the service provider website as well as directly from an identity provider’s app portal page.
If your existing identity management system supports the SAML 2.0 protocol, it can be configured as the single sign-on for Leapsome. Popular hosted services with SAML support include G Suite, Microsoft Azure Active Directory, Okta, OneLogin and others. If you are using G Suite, there is no need to configure SSO. All users of your domain can simply click the 'Sign in with Google' button to sign in.
Your account administrators can set up single sign-on in your account under "Admin Settings" > "Integrations & SSO". As the screenshot below shows, you will need to provide an SSO Login URL and a Base64-encoded certificate.
When configuring the integration in your identity provider, make sure that your system provides the user's email address as the user identifier/nameID. Leapsome also recognizes the attributes
- firstname (the employee's given name)
- lastname (not surprisingly, the employee's last name)
- title (the job title of the employee)
- picture (a URL to the employee's picture)
in the namespace http://schemas.xmlsoap.org/ws/2005/05/identity/claims/. Using these will allow you to point your employees directly to the login URL and populate the relevant information when they sign in for the first time.
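A pre-flight check for the attribute mapping described above, as an added example (not Leapsome's code): it reads a decoded assertion and reports whether the NameID is an email address and which recognised attributes arrive under the claims namespace. The sample assertion is constructed, the code assumes each attribute's Name is the namespace followed by the short name, and it performs no signature validation.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"  # from the page
RECOGNISED = ("firstname", "lastname", "title", "picture")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample assertion (not real IdP output); signature omitted.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}firstname">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}lastname">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="title">
      <saml:AttributeValue>Engineer</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_assertion(xml_text):
    """Return (name_id, profile, problems); use only on your own IdP's output."""
    root = ET.fromstring(xml_text)
    problems, profile = [], {}
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", SAML_NS).strip()
    if not EMAIL_RE.match(name_id):
        problems.append(f"NameID is not an email address: {name_id!r}")
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        name = attr.get("Name", "")
        value = (attr.findtext("saml:AttributeValue", "", SAML_NS) or "").strip()
        # Assumption: Name is the claims namespace followed by the short name.
        if name.startswith(CLAIMS) and name[len(CLAIMS):] in RECOGNISED:
            profile[name[len(CLAIMS):]] = value
        elif name in RECOGNISED:
            problems.append(f"attribute {name!r} lacks the claims namespace prefix")
    return name_id, profile, problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION))
```

In the sample, the title attribute is sent without the namespace, so it is reported as a problem rather than added to the profile.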
Please get in touch with our support team if you need any help.