Single sign-on allows users to log in to the Empuls account with organizational credentials to access all their corporate apps. More importantly, it grants admins the ability to add and revoke user access centrally using an existing identity management tool.
How does SAML work?
SAML (Security Assertion Markup Language) is a standard protocol that provides identity providers a secure way to let a service provider, such as Empuls, know who a user is. It does this by sending Empuls a cryptographically signed XML document that asserts the user is who they say they are.
Once configured, users can authenticate with the following process:
Enter the email address on the login page and click on PROCEED.
The user is redirected to your identity provider interface, i.e., the AD login page.
The identity provider authenticates the user and redirects the user back to Empuls.
The user is granted access to Empuls.
Supported Identity Providers
Here is a list of a few well-known, AD FS supported identity provider systems that are compatible with the SAML 2.0 protocol.
Note: Any Identity Provider system that supports SAML 2.0 standards can be integrated with Empuls for SSO.
How to set up SSO
1. Go to the Empuls User Authentication admin setting and select Custom Login.
2. Please copy the following details from your Empuls account. You can also upload the service provider metadata XML file (empuls-sp-metadata.xml) to your identity platform; download it by clicking "Download SP Metadata".
3. We validate users through their Email ID or Employee ID. Therefore, we expect either the Email ID or Employee ID to be included as the Unique User Identifier in the Name ID value of the SAML response payload. Once you configure the SP metadata details on your identity platform, download the IDP metadata XML file and upload it to your Empuls platform at /home/integrations/saml_sso, as shown below.
4. Finally, go to Test Connection to ensure single sign-on is enabled and working.
Your browser settings may be blocking pop-ups. Please enable them to test the connection.
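A pre-flight check for step 3, as an added example (not Empuls or identity-provider code): it decodes a captured SAMLResponse form value and reports whether the Name ID carries an email address or another non-empty identifier, and whether a signature element is present. The function names, the sample response and the sample identifiers are constructed for illustration, and treating any non-email value as an Employee ID is an assumption. The script does not verify the signature.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def inspect_saml_response(b64_response: str) -> dict:
    """Report NameID and signature presence. Does NOT verify the signature."""
    raw = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse one before parsing.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD or entity declaration found in SAML message")
    root = ET.fromstring(raw)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    problems = []
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        problems.append("expected exactly 1 Assertion, found %d" % len(assertions))
    name_ids = root.findall("saml:Assertion/saml:Subject/saml:NameID", NS)
    value = (name_ids[0].text or "").strip() if len(name_ids) == 1 else ""
    if len(name_ids) != 1:
        problems.append("expected exactly 1 NameID, found %d" % len(name_ids))
    elif not value:
        problems.append("NameID is empty")
    sig_present = any(e.find("ds:Signature", NS) is not None
                      for e in [root] + assertions)
    if not sig_present:
        problems.append("no ds:Signature on Response or Assertion")
    # Assumption: any non-empty value that is not an email is an Employee ID.
    kind = "email" if EMAIL_RE.match(value) else ("employee_id" if value else None)
    return {"name_id": value, "kind": kind,
            "signature_present": sig_present, "problems": problems}

def sample_response(name_id: str, signed: bool = True) -> str:
    """Constructed sample; the Signature element is an empty placeholder."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion>%s'
           '<saml:Subject><saml:NameID>%s</saml:NameID></saml:Subject>'
           '</saml:Assertion></samlp:Response>'
           % (NS["samlp"], NS["saml"], sig, name_id))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for nid in ("asha@example.com", "E10432", ""):
        print(inspect_saml_response(sample_response(nid, signed=bool(nid))))
```

An empty `problems` list only means the response has the expected shape; an encrypted assertion is reported as a missing Assertion because this script does not decrypt.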
Learn how to set a default login method for all users in your organization here.