Configuring a Corporate Single Sign On integration is a two-part process.
Part 1 is carried out within your SSO provider’s interface – this is where you set up Eploy as an approved Application and create the linkage between a user’s Eploy account and their SSO account.
Part 2 is carried out back within Eploy – this is where you enter the Corporate SSO settings obtained during Part 1 into Eploy.
Finally, you’ll need to carry out a couple of tests to make sure everything is working as it should, then ensure all users are configured correctly.
Part 1 – Configuring Okta
- To start, log in to Okta and select Admin from the top right-hand corner of the screen (only administrators will have this option)
- Within the Admin view, select Getting Started from the menu on the left-hand side of the screen. Locate the Use single sign-on section in the middle of the page and click Add App.
- You’ll now see a list of featured apps – Eploy won’t be there. Instead, you’ll need to click Create New App
- On the following page, select SAML 2.0 and click Next
- You’re now on the Create SAML Integration page. Okta will walk you through the steps you need to complete. Begin by entering Eploy into the App Name field, then click Next.
- On the following page, enter the Single Sign On URL. All Eploy systems use the same SSO URL format; the only difference is the name of the system: https://[YOUREPLOYSYSTEMNAME].eploy.net/admin/PortalFunctionsHandler.ashx?process=ReceiveCorporateSSO. If you’re at all unsure what your SSO URL is, please ask your Implementation Manager or the Customer Success Team. You’ll also need to enter the Audience URI (SP Entity ID) – simply enter Eploy. Once you’ve added both these items, scroll down the page.
- When you reach the Attribute Statements section, stop. This is where we’ll be linking a field within the user record in Eploy with a corresponding field within the Okta person profile. Within the Name field, enter username (this represents the username field within Eploy and should be written in lower case). In the Value field, select the appropriate field from the list. Most of the time we see this being set to user.email. When you’ve added this detail, click Next at the bottom of the page.
- You’ll now be asked to provide feedback. This is an optional step – you can click Finish to skip.
- Once all that’s done, you’ll be shown the details for your SSO. Before doing anything else, you need to assign Eploy to People and Groups – select the Assignments tab (if you forget to do this, nobody will be able to log in to Eploy using the Okta SSO).
- You’ll now see a list of assigned users – to begin with, this will be blank. Click Assign, followed by Assign to People or Assign to Group
- Use the Assign button to assign Eploy to the People and Groups displayed, following the on-screen instructions, then click Done once you’ve finished assigning.
- Having assigned all People and/or Groups, return to the Sign On tab. Some of the information displayed here needs to be entered into Eploy. We recommend clicking the View SAML setup instructions option as this will then display only the information you need.
- Having clicked View SAML setup instructions, keep this page open and log in to Eploy in another browser tab or window, then move on to Part 2 of the SSO setup process, below.
Part 2 – Adding SSO details into Eploy
Once you have configured the SAML SSO within Okta, return to your Eploy system and navigate to Admin > Security Settings > Standard Users.
Scroll down to the Corporate Single Sign-On section and select Okta from the Provider drop-down list.
You’ll now see a list of fields. Enter the following information:
- Entity ID = Eploy. This is the Audience URI (SP Entity ID) we added into Okta in step 6, above.
- Name = Identity Provider Issuer. Copy and paste this from item 2 within the Okta SAML instructions page.
- Single Sign On Service URL = Identity Provider Single Sign-On URL. Copy and paste this from item 1 within the Okta SAML instructions page.
- *Force SSO – tick this if you want to use the Force SSO feature. Note: as explained previously, this will prevent all users from being able to use their Eploy Username and Password to access the system.
- Finally, you’ll need to upload the SSO Certificate – this is the X.509 Certificate which must be downloaded from within item 3 of the Okta SAML instructions page.
Once you’ve finished entering all the details, scroll to the bottom of the page and click Save.
Note: if your Hiring Managers will be logging in via the same SSO route, you’ll need to repeat the above steps within Eploy > Admin > Security Settings > Hiring Managers.
* WARNING: it is advisable not to Force SSO straight away, just in case it doesn't work, as you can lock yourself out of Eploy. Follow the steps in Testing SSO first, and then once you are happy that you can log in via SSO, go back and Force SSO both for your Standard and Hiring Manager users.
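While testing, and before ticking Force SSO, you can capture the base64 SAMLResponse form field that Okta posts to Eploy (visible in the browser's developer tools) and compare it with the values entered in Part 1. The Python script below is an added example, not Eploy or Okta code; the system name examplesystem and the sample responses are constructed, and it assumes the response carries a Destination attribute.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ACS = "https://{}.eploy.net/admin/PortalFunctionsHandler.ashx?process=ReceiveCorporateSSO"

def check_saml_response(b64_response, system_name):
    """List mismatches between a captured SAMLResponse and the Part 1 settings.
    Diagnostic only: the signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems, expected = [], ACS.format(system_name)
    # Single Sign On URL entered in Okta must be this system's SSO URL.
    if root.get("Destination") != expected:
        problems.append(f"Destination {root.get('Destination')!r} != {expected!r}")
    # Audience URI (SP Entity ID) must match the Entity ID entered in Eploy.
    audiences = [a.text for a in root.iter("{%s}Audience" % SAML)]
    if audiences != ["Eploy"]:
        problems.append(f"Audience {audiences!r}, expected ['Eploy']")
    # Attribute statement name must be 'username', written in lower case.
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML):
        values = attr.findall("{%s}AttributeValue" % SAML)
        attrs[attr.get("Name")] = [v.text or "" for v in values]
    if "username" not in attrs:
        near = [n for n in attrs if n and n.lower() == "username"]
        problems.append(f"no 'username' attribute (lower case); found {near or list(attrs)!r}")
    elif not any(v.strip() for v in attrs["username"]):
        problems.append("'username' attribute is empty")
    return problems

def build_sample(destination, audience, attr_name, value):
    """Constructed, unsigned SAML response used only to exercise the checker."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="{SAML}" Destination="{destination}">'
        "<saml:Assertion><saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>"
        f'<saml:Attribute Name="{attr_name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    url = ACS.format("examplesystem")  # constructed system name
    print(check_saml_response(build_sample(url, "Eploy", "username", "jo@example.com"), "examplesystem"))
    for p in check_saml_response(build_sample(url, "eploy", "Username", "jo@example.com"), "examplesystem"):
        print("MISMATCH:", p)
```

An empty result means the response agrees with the Part 1 settings; it says nothing about whether the uploaded X.509 certificate matches, which only a real test login confirms.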