Configuring a Corporate Single Sign On integration is a two-part process.
Part 1 is carried out within your SSO provider’s interface – this is where you set up Eploy as an approved Application and create the linkage between a user’s Eploy account and their SSO account.
Part 2 is carried out back within Eploy – this is where you enter the Corporate SSO settings obtained during Part 1 into Eploy.
Finally, you’ll need to carry out a couple of tests to make sure everything is working as it should, then ensure all users are configured correctly.
Part 1 – Configuring Microsoft Office 365 and Azure
1. First, log in to the administrator's account within Office 365 or Azure and navigate to Enterprise Applications, then click New Application.
2. On the following page (Browse Azure AD Gallery), click Create your own application.
3. You’ll now be looking at the Create your own application page. Type Eploy in the Input Name field, then select the third option – Integrate any other application you don’t find in the gallery (Non-gallery) – and click Create, which is at the bottom of the screen.
4. Office 365/Azure will now guide you through the rest of the process. Start by selecting option 1, Assign Users and Groups.
5. Use the Add user/group option to select those employees who should be given access to Eploy. Note: at this stage, you don’t need to worry about who is a Hiring Manager and who should have Recruiter/Admin access – that is taken care of within Eploy.
6. Having assigned users and groups, use the menu on the left-hand side of the screen and select the next option, Single sign-on. Once on the SSO page, select the SAML option.
7. You’ll now need to edit the SAML configuration – select the Edit option against Basic SAML Configuration. This will open a new dialogue on the right-hand side of the screen where you can enter the SAML details.
8. Within the Basic SAML Configuration window (the new dialogue which opened to the right of the screen), enter the following two pieces of mandatory information (nothing else needs to be filled in):
   - Identifier (Entity ID) = Eploy
   - Reply URL (Assertion Consumer Service URL) = https://[YOUREPLOYSYSTEMNAME].eploy.net/admin/PortalFunctionsHandler.ashx?process=ReceiveCorporateSSO

   Note: the Reply URL above is the same for all Eploy systems – the only thing that changes is the first part, [YOUREPLOYSYSTEMNAME]. If you don’t know what this is, please ask your Implementation Manager or the Customer Success Team.
9. Once you have filled in the above information, click Save at the top left-hand corner of the Basic SAML Configuration screen, then click Edit next to the Attributes and Claims section.
10. Within the Attributes and Claims window, select Add new claim. You’re now creating the link between a field in the User record within Eploy and a corresponding field within the user’s Azure/Office 365 account:
   - In the Name field, enter "username" (this is the username field within Eploy – make sure it’s all in lowercase).
   - Set the Source option to Attribute.
   - Finally, within the Source attribute field, select the corresponding field from the Azure/Office 365 field list. The most common option used here is user.mail. This will instruct the SSO interface to match the email address of the user with the username field within Eploy – if the two match, they’ll be able to log in.
   - When you’re done, click Save.
11. Having entered these details and saved, return to the Single Sign-on page (see step 7, above). You’ll find that sections 3 and 4 are now populated with information. Don’t close this page – you’ll need to copy some of this information into Eploy, which we’ll look at next.
Part 2 – Adding SSO details into Eploy
Once you have configured the SAML SSO within Azure/Office 365, return to your Eploy system and navigate to Admin > Security Settings > Standard Users.
Scroll down to the Corporate Single Sign-On section and select Office 365 from the Provider drop-down list.
You’ll now be looking at a list of fields. Enter the following information:
- Entity ID = Eploy. This is the Identifier (Entity ID) we added into Azure/Office 365 in step 8, above.
- Name = Azure AD Identifier. You’ll need to copy and paste this from Section 4 of the SAML page within Azure/Office 365.
- Single Sign On Service URL = Login URL. You’ll need to copy and paste this from Section 4 of the SAML page within Azure/Office 365.
- *Force SSO – tick this if you want to use the Force SSO feature. Note: as explained previously, this will prevent all users from being able to use their Eploy Username and Password to access the system.
Finally, you’ll need to upload the SSO Certificate – this is the Base 64 Certificate which must be downloaded from within Section 3 of the SAML page in Azure/Office 365.
Once you’ve finished entering all the details, scroll to the bottom of the page and click Save.
Note: if your Hiring Managers will be logging in via the same SSO route, you’ll need to repeat the above steps within Eploy > Admin > Security Settings > Hiring Managers.
* WARNING: it is advisable not to Force SSO straight away, just in case it doesn't work, as you can lock yourself out of Eploy. Follow the steps in Testing SSO first, and then once you are happy that you can log in via SSO, go back and Force SSO both for your Standard and Hiring Manager users.
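Before ticking Force SSO, the values entered in Parts 1 and 2 can be compared against the SAMLResponse your browser posts to the Reply URL during a test sign-in. The Python check below is an added example, not Eploy or Microsoft code; the function names, the system name `acme`, the placeholder tenant ID and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def reply_url(system_name):
    # Reply URL pattern from Part 1; only the system name varies.
    return (f"https://{system_name}.eploy.net/admin/PortalFunctionsHandler.ashx"
            "?process=ReceiveCorporateSSO")

def check_response(b64_response, system_name, azure_ad_identifier):
    """List mismatches between a SAMLResponse captured from your own test
    sign-in and the settings on this page. Compares values only; it does
    not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != reply_url(system_name):
        problems.append(f"Destination {root.get('Destination')!r} is not the Reply URL")
    issuer = root.findtext("a:Assertion/a:Issuer", namespaces=NS)
    if issuer != azure_ad_identifier:
        problems.append(f"Issuer {issuer!r} is not the Azure AD Identifier entered as Name")
    if "Eploy" not in [e.text for e in root.iterfind(".//a:Audience", NS)]:
        problems.append("Audience does not contain the Entity ID 'Eploy'")
    attrs = {a.get("Name"): a.findtext("a:AttributeValue", namespaces=NS)
             for a in root.iterfind(".//a:Attribute", NS)}
    if "username" not in attrs:
        # Catches a claim saved as e.g. 'Username' or with a namespace prefix.
        close = [n for n in attrs if n and n.lower().endswith("username")]
        problems.append(f"no claim named exactly 'username' (found {close or list(attrs)})")
    elif not attrs["username"]:
        problems.append("claim 'username' is empty for this user")
    return problems

def sample_response(dest, issuer, audience, claim_name, value):
    # Constructed test input, not a real Azure AD response (unsigned, minimal).
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{dest}">'
           f'<a:Assertion><a:Issuer>{issuer}</a:Issuer>'
           f'<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
           f'</a:AudienceRestriction></a:Conditions><a:AttributeStatement>'
           f'<a:Attribute Name="{claim_name}"><a:AttributeValue>{value}</a:AttributeValue>'
           f'</a:Attribute></a:AttributeStatement></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

# Placeholder tenant ID; use the Azure AD Identifier from Section 4 of the SAML page.
IDP = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
```

An empty list from `check_response` means the Reply URL, Entity ID, Azure AD Identifier and `username` claim in the captured response all line up with what was entered in Eploy.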