Single Sign On - SSO Feature

TABLE OF CONTENTS


The power of Single Sign-On (SSO)


In the ever-evolving digital landscape, managing multiple login credentials can be a cumbersome task. Enter Single Sign-On (SSO)—a sophisticated solution that simplifies access and enhances security.


What is SSO?


Single Sign-On (SSO) is an authentication mechanism that streamlines user access across various applications, systems, or services. Here’s how it works:


  • Unified Credentials: With SSO, users need only remember one set of robust credentials. Gone are the days of juggling multiple usernames and passwords.
  • Seamless Access: Whether it’s email, project management tools, or cloud services, SSO ensures effortless access. Say goodbye to repetitive logins and password resets.
  • Productivity Boost: SSO saves valuable time. Imagine reclaiming those minutes spent on authentication tasks. Efficiency becomes your ally.
  • Fortified Security: By centralizing authentication, SSO strengthens your digital fortress. Weak passwords and vulnerable credentials become relics of the past.


Who can Log in to the boarding platform with SSO


We provide two options:


  • SSO can be enabled only for admin users (users who have any admin role assigned to them)
  • Or SSO can be enabled for all users of the platform, meaning admin users, key contacts, and onboardees (starting from the first working day)/offboardees (before the last working day).


Log-in flows with SSO


When Single Sign-On (SSO) is enabled, admin users who open an app URL will be automatically redirected to your company’s login screen. For instance:



Key contacts will have the same flow: 



The login flow for onboardees includes the following steps:



  1. An onboardee is asked to fill in their email address



2. Starting from the first working day, onboardees will be redirected to the company’s login screen to proceed with SSO:





Note: Onboardees before their Start Date will be still asked to enter their password to proceed:





Work Email Address


For SSO to function smoothly, it is best to have the Work email address feature enabled in the boarding platform. What to consider before enabling this feature:


1. API integrations need to be adjusted accordingly.

2. Work email address is currently not supported in Import.

3. For SSO to work for onboardees (so that onboardees are able to log in on the start date), the work email address should be filled in under the onboardee profiles before this date. This might require a change of the current process. Our suggestions:

a. If you are using an API integration, make sure to pass the work email address.

b. If you are not using an integration, you can create a task for the IT department to pass the work email address to the HR department so that they can update onboardees’ profiles.

4. It’s recommended to configure the email template informing onboardees that from the start date on, they need to use their work email address to log in to the app. Work email address needs to be shared separately, at the moment, the {Workemail} form field is not supported in the app yet.

5. In case the work email address is missing on the onboardee’s start date, they won’t be able to log in to the Onboarding app (as SSO uses the work email address).


Can SSO be enabled in your boarding platform? 


We’re currently working with some limitations on our end when it comes to compatibility.


  • If you’re using a Do-It-Yourself (DIY) integration to manage onboardees and users, adding a Single Sign-On (SSO) flow may not be straightforward. Unfortunately, we won’t be able to proceed with your inquiry now.


  • In case you have an API integration managed by us (Talmundo), the process needs to be aligned with the integration team before proceeding with SSO set up.


  • If you are not using an API integration for creating/updating onboardees and users, their volume should be low. This is because the Import feature doesn’t support work email addresses yet. It means that all users and onboardees need to be created manually. We are planning to implement work email address in Import soon, but until then all administrators should be aware of this limitation and not use Import functions as it might corrupt the data.


  • If you have multiple languages enabled in the app, admin users and key contacts won’t have the option to select their preferred language. The default language will be used. For onboardees, it’s not an issue, they will be able to choose their preferred language.


  • You have only one template (onboarding or offboarding). If you have multiple templates (for example, onboarding and offboarding), the possibility of enabling SSO will be considered individually.


If you don’t meet the criteria mentioned above but require Single Sign-On (SSO) as a priority, please feel free to contact your Customer Success Manager (CSM) to discuss the detail

 

SSO Set Up

The Talentech products offer several options for configuring Single Sign On. Read more details here.


SSO with Azure AD Marketplace App


 The easiest way to set up SSO is by using our pre-defined Azure Marketplace App. You can find the detailed steps here.

 


Enabling SSO in your app 


To summarize, the process of enabling SSO for your company is the following:


1. Prepare internal processes for introducing Work Email address:


a. Work email address is a prerequisite for SSO.


b. Keep in mind that for new hires (onboardees), SSO is always forced on the first working day.


c. Before the first day, onboardees still use their private email addresses and create passwords.


d. An email informing onboardees about the change needs to be configured.


2. Technical configuration:


Before implementing SSO, follow the steps described on the SSO with Azure AD Marketplace App page. This ensures that your environment is properly set up for the SSO integration.


3. Agree on Activation Date:


All stakeholders must decide on a specific date when SSO will take effect. This ensures everyone is aligned and prepared.


4. Activation Process:


On the agreed-upon date, we will activate SSO in your app.


After activation, all users will be migrated to SSO and forced to log in with SSO for authentication.


Following these steps will smoothly transition your organization to SSO.



Pricing

SSO is a paid feature. Please contact your CS manager for the details.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.