Salesforce can act as a single sign-on (SSO) provider to hundreds of web and mobile applications using standards such as SAML, OAUTH, and OpenID Connect.
PurelyHR supports SAML based SSO protocol. Follow these step-by-step instructions to configure SSO to PurelyHR.
Here's the Process:
Pre-requisites
Need SAML enabled admin account for PurelyHR
Setup Salesforce as a SAML Identity Provider(IdP)
Follow this link to setup your Salesforce org as a SAML Identity Provider
Download the Salesforce SAML IdP certificate. You will need it later in the below instructions.
In PurelyHR, follow these steps,
Sign in to your PurelyHR admin account.
Click on Your Dashboard
SSO Settings
In Generic SAML Connector, you will find settings for IdP Provider Settings along with PurelyHR ACS URL.
Enter 'x.509 Certificate as your Salesforce Identity Certificate Content.
Click on Save Changes button to save the settings.
In Salesforce, follow these steps,
Login as an Administrator, and navigate to Setup | App Setup | Create | Apps
Under Connected Apps section, click New.
Under Basic Information,
Provide Connected App Name
The field API Name is auto-populated
In the field Logo Image URL, select Choose one of our sample logos, find the logo, and copy past the logo url. Or, enter your own URL.
In the field Contact Email, enter your email address.
Under Web App Settings,
Select Enable SAML
Enter Entity ID as purelyhr.com
Enter ACS URL as provided by PurelyHR and append your CompanyID as query string parameter. e.g.https://www.purelyHR.com/cpanel/sso/consume.aspx?company_id=YOURCOMPANYIDHERE
Select Subject Type e.g. Federation ID
In the field Name ID Format, keep the default selection (unspecified)
In the field Issuer, keep the default value
In the field Service Provider Certificate, keep the default (unselected)
Save the settings
Go to Manage Apps | Connected Apps
Select your App.
Click Manage Profiles or Manage Permission Sets and add profiles/permission sets of users who can access this app.
Above Manage Profiles, you will find the Login Information summary
IdP Initiated Login URL: It will be used to test the IdP initiated SSO.
Right-click IdP-Initiated Login URL, and copy link into a notepad.
Click Edit
In the field Start URL, copy and paste the URL from Notepad.
Click Save.
SSO setup for PurelyHR is complete.
Setup through Salesforce App Launcher:
Go to App Launcher
Click on the PurelyHR icon
It will create a PurelyHR session on successful SSO
Please Note: PurelyHR does not support SP-initiated SSO.