Generic SSO Setup |
Configure SSO in Sage People
- Review SSO settings:
-
Select New to create a new SSO instance and give it a name. For example:
Azure SSO
The API Name is automatically completed based on the name.
-
Enter the Issuer. This is the entity ID from the metadata XML you downloaded in Configure SSO Service Provider step 6.
TipThe entity ID from Azure goes in the Issuer box, not the entity ID box.
- Enter the Entity ID. This is the Salesforce URL (
https://xxx.my.salesforce.com
). Replacexxx.my.salesforce.com
with the org's custom domain. - For Identity Provider Certificate, select Choose File and find the certificate downloaded in Configure SSO Service Provider step 7 and upload it.
- For SAML identity Type, select Assertion contains the Federation ID from the User object.
- For Identity Provider Login URL, search for
saml2
in the metadata saved in Configure SSO Service Provider step 6 and paste the link into this field. - Select Save.
- On the Single Sign-On Settings page, in the Federated Single Sign-On Using SAML section, select the checkbox for Make Federation ID case insensitive.
- If you use Google G-Suite as the service provider, return to the app config and enter the Sign On URL into the ACS URL field.
- Review authentication configuration:
Go to Setup > Administration Setup > Domain Management > My Domain.
In the Authentication Configuration section, ensure:
the authentication service you configured is checked. The Authentication Configuration section uses the name you gave to the service. For example: SSO ADFS in the screenshot.
Login Page is unchecked. Unchecking Login Page hides the Salesforce login form, so users are automatically redirected to their selected SSO Identity Provider.
-
Enable User Federation ID in the HCM package configuration. This enables synchronization of Federation ID between the Team Member and User records. Federation ID fields cannot be synchronized using field sets in the Team Member and User objects.
- Go to Setup > Installed Packages.
- Select Configure next to the Sage People Human Capital Management package.
-
Check the User Federation ID checkbox:
- Select Save.
Salesforce Dot Com (SFDC) certificates expire every year and need to be updated within the org. If you receive a SFDC Expired Certificate Notification resolution instructions are available on the Sage People Community.