Configure SSO from Salesforce

Pre-requisites

1. Need SAML-enabled admin account for PurelyHR
2. Access to Salesforce as an administrator.

Step 1: Setup Salesforce as a SAML Identity Provider(IdP)

1. Follow this link to setup your Salesforce org as a SAML Identity Provider.
2. Download the Salesforce SAML IdP certificate. You will need it later in the below instructions.

Step 2: Configure PurelyHR

1. Sign in to your PurelyHR admin account.
2. Navigate to:
   • Your Dashboard → SSO Settings
3. Under Generic SAML Connector, you'll find:
   • IdP Provider Settings
   • PurelyHR ACS URL
4. Enter the following:
   • x.509 Certificate: Paste your Salesforce Identity Certificate Content.
   • IdP Issuer:
     https://yoursalesforcedomainname.my.salesforce.com
     (Example: https://identitydemo.my.salesforce.com)
   • IdP Endpoint URL: https://yourdomainname.my.salesforce.com/idp/endpoint/HttpRedirect
5. Click on Save Changes.

Step 3: Configure Salesforce Connected App 

1. Login as Administrator and go to: 
   • Setup → App Setup → Create → Apps
2. Under Connected Apps, click New.
3. Fill in: 
   • Connected App Name (API Name auto-populates)
   • Logo Image URL (choose sample or provide your own)
   • Contact Email
4. Under Web App Settings:
   
   • Enable SAML
   • Entity ID: purelyhr.com
   • ACS URL: Use PurelyHR ACS URL and append your CompanyID:
     https://www.purelyHR.com/cpanel/sso/consume.aspx?company_id=YOURCOMPANYIDHERE
   • Subject Type: Federation ID
     
   • Name ID Format: Default (unspecified) 
   • Issuer: Default
   • Service Provider Certificate: Leave unselected
5. Save the settings.
6. Go to Manage Apps → Connected Apps:
   • Select your app.
   • Assign profiles/permission sets for users.
     
7. Copy the IdP-Initiated Login URL for testing. 
8. Edit the Start URL with the copied link and save. 

Step 4: Test SSO

Use IdP-Initiated Login URL or go to Salesforce App Launcher: 

1. Click on the PurelyHR icon.
2. A PurelyHR session will start upon successful SSO.