SAML integration with Azure
SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between parties. Using the SAML protocol, users can access many of their cloud applications with just one login and password. PeopleForce hands the authentication process over to a single system that supports the SAML protocol (the Identity Provider, IdP), which authenticates users when they try to access the system.
This option makes the system available to all users who have access to your trusted identity provider, such as Google Workspace, Azure Active Directory, Okta, OneLogin, or any provider that supports SAML.
1. Create new application
Go to Enterprise applications and click “Create your own application”. Add an app name, for example, PeopleForce, and make sure that the option “Integrate any other application you don’t find in the gallery (Non-gallery)” is selected. Then click the “Create” button.
2. Set up single sign-on
Once the application is created, you will be redirected to the overview page. In step 2, “Set up single sign-on”, click the “Get started” link.
3. Adding basic SAML configuration
To do so, find the “Edit” button and click it. You will need to fill in 2 required fields in the newly opened panel: Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL).
4. Enabling SSO from PeopleForce
Open PeopleForce and go to “Settings” → “Authentications”. Find the SSO section and choose the “SAML” section.
After SAML is selected you will be presented with 3 fields and an infobox.
5. Copy Entity ID and ACS URL from PeopleForce
Copy the links from the PeopleForce info box and paste them into Basic SAML Configuration:
- ACS URL into Reply URL
- Entity ID into Identifier
Save your changes to the configuration.
6. Copying certificate
In the Azure SSO setup, find the Certificate block (Block #3) and download the raw data. Open the file with Notepad and copy the certificate data, including the begin/end certificate text, into the Certificate field in PeopleForce.
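A check for the copied certificate text before it goes into the Certificate field, as an added example that is not part of the original guide or PeopleForce's own code: it confirms the begin/end lines are present, strips the BOM and CRLF line endings a Notepad file can carry, and rejects a truncated copy. The function names and sample bytes are constructed for illustration, and comparing the SHA-1 value with the thumbprint Azure displays assumes that thumbprint is the SHA-1 hash of the DER-encoded certificate.

```python
import base64
import binascii
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def _wrap64(b64):
    """Wrap a base64 string at 64 characters per line, as PEM does."""
    return "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))

def _is_complete_der_sequence(der):
    """True if der is one ASN.1 SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def check_pasted_certificate(text):
    """Return (clean_pem, sha1_hex, sha256_hex) or raise ValueError."""
    # A file saved from Notepad can carry a UTF-8 BOM and CRLF line endings.
    text = text.lstrip("\ufeff").replace("\r", "")
    lines = [ln.strip() for ln in text.split("\n") if ln.strip()]
    if not lines or lines[0] != BEGIN:
        raise ValueError("first line must be " + BEGIN)
    if lines[-1] != END:
        raise ValueError("last line must be " + END)
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    if not _is_complete_der_sequence(der):
        raise ValueError("decoded data is truncated or not a DER certificate")
    clean = f"{BEGIN}\n{_wrap64(base64.b64encode(der).decode())}\n{END}\n"
    # Assumption: the IdP's displayed thumbprint is SHA-1 over these DER bytes.
    return (clean, hashlib.sha1(der).hexdigest().upper(),
            hashlib.sha256(der).hexdigest().upper())

# Constructed placeholder bytes with a valid DER header, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PASTE = ("\ufeff" + BEGIN + "\n" + _wrap64(base64.b64encode(SAMPLE_DER).decode())
                + "\n" + END + "\n").replace("\n", "\r\n")
```

Paste the returned `clean_pem` value into the Certificate field only when the fingerprint matches what the identity provider shows for the same certificate.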
7. Copying SSO URL and Entity ID
In the Azure SSO setup, you will see links for Login URL and Azure AD Identifier. Paste them into PeopleForce as follows:
- Login URL into the IDP SSO URL field
- Azure AD Identifier into the IDP Entity ID field
Save the entered data. The result should look as below:
After this, SAML login will be available on the login page as the “Company login” button.
To log in successfully, your Azure email must match your work email in PeopleForce. Keep in mind that the PeopleForce login and password will still be available to use.