SAML authentication

Learn how to log in using SAML authentication


⚠️ Available in the Professional package. Interested? Please e-mail us at [email protected] to find out more.

Single sign-on is an authentication method that allows users to securely authenticate to multiple applications and sites using a single set of credentials. For example, your users will be able to log in using Google Workspace, Azure Active Directory, Okta, OneLogin, Microsoft accounts and other service providers.

For authentication settings, you must have "Administrator" access rights or have access to the "Authentication" section 🔒. Contact your system manager to learn more about your access rights.

SAML authentication

SAML (Security Assertion Markup Language) is an open XML-based standard for exchanging authentication and authorization data between parties. Using the SAML protocol, users can access many of their cloud applications with just one login and password. PeopleForce outsources the authentication process to a single SAML-enabled Identity Provider (IdP), which in turn authenticates users when they attempt to access the system.

This option will make the system available to all users who have access to your trusted identity provider, for example, Google Workspace, Azure Active Directory, Okta, OneLogin or any SAML-enabled provider.

Setting up SAML authentication with Google Workspace

In this article, we'll guide you through the process of setting up SAML authentication using Google Workspace as your identity provider.

1. Configure SAML authentication in PeopleForce:

  • Go to Settings > Authentications and select the SAML Authentication option.

  • Optionally, mark the "Enforce SSO login" checkbox to allow users to log in with their work email and password. If not enabled, they can only log in with SAML authentication.

2. Configure SAML app in Google Admin Console:

  • Access the Google Admin console and navigate to Apps > Web and mobile apps.

Only the Google Workspace admin can set up SAML authentication in the Google Console.

  • From the "Add app" dropdown menu, select "Add custom SAML app."

3. Enter details for your custom SAML app:

  • Provide details such as the app name, description, app icon, and click "Continue."

4. Copy and paste SAML configuration details:

  • Copy the SSO URL, entity ID, and certificate from Google Admin Console and paste them into the corresponding fields in PeopleForce. Click "Save."

5. Copy ACS URL and entity ID from PeopleForce:

  • Copy the ACS URL and entity ID from PeopleForce and paste them into the appropriate fields in the Service provider details window in Google Admin Console. Click "Continue."

6. Complete the setup:

  • Click the "Finish" button to complete the SAML app setup.

7. Enable user access:

  • Change the service status to "On for everyone" to enable user access via SAML authentication.

Once SAML authentication is set up, users can log in using the "Company login" button. If SSO authentication is enabled, they can also log in via their work email/phone number and password.

For more information on SAML configuration, refer to the documentation of your trusted identity provider or contact their support team.
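A pre-flight check for the three values copied in step 4 (SSO URL, entity ID, certificate), as an added example that is not part of PeopleForce's or Google's own documentation. It assumes Google Workspace IdP values of the form `https://accounts.google.com/o/saml2/idp?idpid=…` (SSO URL) and `https://accounts.google.com/o/saml2?idpid=…` (entity ID); the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

def make_pem(der: bytes) -> str:
    body = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample values: the idpid is made up and the PEM wraps placeholder
# bytes shaped like a DER SEQUENCE, not a real certificate.
SAMPLE_SSO_URL = "https://accounts.google.com/o/saml2/idp?idpid=C0nstructed"
SAMPLE_ENTITY_ID = "https://accounts.google.com/o/saml2?idpid=C0nstructed"
SAMPLE_DER = b"\x30\x82\x00\x10" + b"constructed-cert"
SAMPLE_PEM = make_pem(SAMPLE_DER)

def pem_to_der(pem: str) -> bytes:
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def der_is_complete(der: bytes) -> bool:
    """True if der is one SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30 or der[1] == 0x80:
        return False
    n = der[1] & 0x7F if der[1] & 0x80 else 0  # count of long-form length bytes
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    return len(der) == 2 + n + length

def check_idp_settings(sso_url: str, entity_id: str, pem: str) -> list:
    """Return a list of problems found in the three values copied in step 4."""
    problems, ids = [], []
    for name, value in (("SSO URL", sso_url), ("entity ID", entity_id)):
        u = urlsplit(value.strip())
        # Assumption: Google Workspace IdP URLs live on accounts.google.com.
        if u.scheme != "https" or u.hostname != "accounts.google.com":
            problems.append(f"{name}: expected an https://accounts.google.com URL")
        ids.append(parse_qs(u.query).get("idpid", [None])[0])
    if None in ids or ids[0] != ids[1]:
        problems.append("SSO URL and entity ID do not share one idpid")
    try:
        if not der_is_complete(pem_to_der(pem)):
            problems.append("certificate: DER length mismatch (truncated paste?)")
    except ValueError as exc:
        problems.append(f"certificate: {exc}")
    return problems

def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, so line endings in the paste do not matter."""
    return hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
```

An empty list from `check_idp_settings` means the values are consistent with each other; comparing `fingerprint` against the certificate fingerprint your identity provider displays confirms the right certificate was pasted.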

Troubleshooting:

Error 403 - Service is not enabled to this user

If a user encounters error 403 during login, ensure that user access is enabled in the Google console. Refer to step 7 of the article for guidance and follow the instructions provided.
