Configure SSO from Salesforce

How can I configure SSO from Salesforce?

Salesforce can act as a single sign-on (SSO) provider to hundreds of web and mobile applications using standards such as SAML, OAuth, and OpenID Connect.
PurelyHR supports the SAML-based SSO protocol. Follow these step-by-step instructions to configure SSO to PurelyHR.

Here's the Process:

Pre-requisites

  1. You need a SAML-enabled admin account for PurelyHR.

Set up Salesforce as a SAML Identity Provider (IdP)

  1. Follow this link to set up your Salesforce org as a SAML Identity Provider.
  2. Download the Salesforce SAML IdP certificate. You will need it later in these instructions.

In PurelyHR, follow these steps:

  1. Sign in to your PurelyHR admin account.
  2. Click on Your Dashboard
  3. SSO Settings
  4. In Generic SAML Connector, you will find settings for IdP Provider Settings along with PurelyHR ACS URL.
  5. Enter X.509 Certificate as your Salesforce Identity Certificate content.
  6. Enter IdP Issuer as https://yoursalesforcedomainname.my.salesforce.com, e.g. https://identitydemo.my.salesforce.com
  7. Enter IdP Endpoint URL as https://yourdomainname.my.salesforce.com/idp/endpoint/HttpRedirect
  8. Click on Save Changes button to save the settings.

In Salesforce, follow these steps:

  1. Log in as an Administrator, and navigate to Setup | App Setup | Create | Apps
  2. Under Connected Apps section, click New.
  3. Under Basic Information,
  4. Provide Connected App Name
  5. The field API Name is auto-populated
  6. In the field Logo Image URL, select Choose one of our sample logos, find the logo, and copy and paste the logo URL. Or, enter your own URL.
  7. In the field Contact Email, enter your email address.
  8. Under Web App Settings,
  9. Select Enable SAML
  10. Enter Entity ID as purelyhr.com
  11. Enter ACS URL as provided by PurelyHR and append your CompanyID as a query string parameter, e.g. https://www.purelyHR.com/cpanel/sso/consume.aspx?company_id=YOURCOMPANYIDHERE
  12. Select Subject Type e.g. Federation ID
  13. In the field Name ID Format, keep the default selection (unspecified)
  14. In the field Issuer, keep the default value
  15. In the field Service Provider Certificate, keep the default (unselected)
  16. Save the settings
  17. Go to Manage Apps | Connected Apps
  18. Select your App.
  19. Click Manage Profiles or Manage Permission Sets and add profiles/permission sets of users who can access this app.
  20. Above Manage Profiles, you will find the Login Information summary
  21. IdP Initiated Login URL: It will be used to test the IdP initiated SSO.
  22. Right-click IdP-Initiated Login URL, and copy link into a notepad.
  23. Click Edit
  24. In the field Start URL, copy and paste the URL from Notepad.
  25. Click Save.
  26. SSO setup for PurelyHR is complete.
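
The following check is an added example, not part of the PurelyHR or Salesforce documentation. It validates the four values entered in the steps above before you save them, and it assumes that the IdP Issuer and IdP Endpoint URL placeholders refer to the same Salesforce domain; the function name and sample inputs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Expected values taken from the steps on this page.
IDP_ENDPOINT_PATH = "/idp/endpoint/HttpRedirect"
SP_ENTITY_ID = "purelyhr.com"
PLACEHOLDER_COMPANY_ID = "YOURCOMPANYIDHERE"


def check_sso_settings(idp_issuer, idp_endpoint, entity_id, acs_url):
    """Return a list of problems found in the SAML values (empty list = OK)."""
    problems = []
    issuer = urlsplit(idp_issuer)
    endpoint = urlsplit(idp_endpoint)
    acs = urlsplit(acs_url)

    # IdP Issuer: bare https URL on a my.salesforce.com host.
    if issuer.scheme != "https":
        problems.append("IdP Issuer must use https")
    if not (issuer.hostname or "").endswith(".my.salesforce.com"):
        problems.append("IdP Issuer host is not a my.salesforce.com domain")
    if issuer.path.strip("/") or issuer.query:
        problems.append("IdP Issuer must not carry a path or query")

    # IdP Endpoint URL: assumed to live on the same host as the issuer.
    if (endpoint.scheme, endpoint.hostname) != (issuer.scheme, issuer.hostname):
        problems.append("IdP Endpoint URL scheme/host differs from IdP Issuer")
    if endpoint.path != IDP_ENDPOINT_PATH:
        problems.append("IdP Endpoint URL path is not " + IDP_ENDPOINT_PATH)

    # Entity ID in the Connected App must match exactly.
    if entity_id != SP_ENTITY_ID:
        problems.append("Entity ID must be exactly " + SP_ENTITY_ID)

    # ACS URL: https, with one company_id that is not the page's placeholder.
    if acs.scheme != "https":
        problems.append("ACS URL must use https")
    company_ids = parse_qs(acs.query).get("company_id", [])
    if len(company_ids) != 1 or company_ids[0] in ("", PLACEHOLDER_COMPANY_ID):
        problems.append("ACS URL needs exactly one real company_id value")
    return problems


if __name__ == "__main__":
    # Constructed sample: placeholder company ID left in the ACS URL.
    for line in check_sso_settings(
            "https://identitydemo.my.salesforce.com",
            "https://identitydemo.my.salesforce.com/idp/endpoint/HttpRedirect",
            "purelyhr.com",
            "https://www.purelyHR.com/cpanel/sso/consume.aspx?company_id=YOURCOMPANYIDHERE"):
        print("PROBLEM:", line)
```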

Setup through Salesforce App Launcher:

  1. Go to App Launcher
  2. Click on the PurelyHR icon
  3. It will create a PurelyHR session on successful SSO

Please note: PurelyHR does not support SP-initiated SSO.