How to set up SAML-based single sign-on for Empuls with Azure AD
1. In the Azure portal, on the left navigation panel, select Azure Active Directory --> Enterprise Applications.
2. In the Enterprise applications pane, select +New application.
3. Switch to the legacy app gallery experience in Azure AD Gallery.
4. Click on the third card: Non-gallery application.
5. Add an app name (e.g. Xoxoday Empuls) and click the Add button in the bottom left corner.
6. Click on Users and groups and map the users to whom you want to give Empuls login access. You can simply give access to all users by setting the User Assignment Property to No.
7. After that, go to Overview and select Set up single sign on --> SAML.
8. Click the Edit (Pencil Icon) button on the Basic SAML Configuration Card.
9. Copy the following details from your Empuls account and fill them in the SAML configuration section (you can also upload the service provider metadata .xml file to Azure):
- 1. Identifier (Entity ID) - https://xxxxxx.xoxoday.com/chef/sso/metadata-sp/xxxxxx
- 2. Reply URL (Assertion Consumer URL) - https://xxxxx.xoxoday.com/chef/sso/validate-saml/xxxxx
- 3. SignOn URL - https://xxxxx.xoxoday.com/chef/sso/sso-redirect?company_id=xxxxx
- 4. Relay State - https://xxxxx.xoxoday.com/login
- 5. Logout URL - https://xxxxx.xoxoday.com/chef/sso/idp/logout/post/xxxxx
10. After this, click the Save button at the top left of the Basic SAML Configuration pop-up window.
11. On the third card, SAML Signing Certificate, click the Download button beside Federation Metadata XML.
12. The downloaded metadata must be uploaded to your Empuls platform at /home/integrations/saml_sso.
13. Finally, go to Test Connection to ensure single sign-on is enabled and working.