Generic SSO Setup | Configure SSO in Sage People

Understand how to configure Single sign-On (SSO) in Sage People.

Resolution

  1. Review SSO settings:
    1. Go to Setup and select Single Sign-On Settings.
    2. Ensure you've checked SAML enabled.

      Screenshot: SAML Enabled in the Single Sign-On Settings

  2. Select New to create a new SSO instance and give it a name. For example, Azure SSO.

    The API Name completes automatically based on the name.

  3. Enter the Issuer. This is the entity ID from the metadata XML you downloaded in Configure SSO Service Provider step 6.

    Tip

    The entity ID from Azure goes in the Issuer box, not the entity ID box.

  4. Enter the Entity ID. This is the Salesforce URL (https://xxx.my.salesforce.com). Replace xxx.my.salesforce.com with the org's custom domain.
  5. For Identity Provider Certificate, select Choose File. Find the certificate you downloaded in Configure SSO Service Provider step 7 and upload it.
  6. For SAML identity Type, select Assertion contains the Federation ID from the User object.
  7. For Identity Provider Login URL, search for saml2 in the metadata you saved in Configure SSO Service Provider step 6. Paste the link into this field.
  8. Select Save.
  9. On the Single Sign-On Settings page, find the Federated Single Sign-On Using SAML section. Select the checkbox for Make Federation ID case insensitive.
  10. If you use Google G-Suite as the service provider, return to the app config. Enter the Sign On URL into the ACS URL field.
  11. Review authentication configuration:

    1. Go to Setup and select Administration Setup. Click Domain Management and select My Domain.

    2. In the Authentication Configuration section, ensure:

      • You check the authentication service you configured. The Authentication Configuration section uses the name you gave to the service. For example, SSO ADFS in the screenshot

      • Uncheck the Login Page. Unchecking the Login Page hides the Salesforce login form. The system redirects users to their selected SSO Identity Provider automatically

      Screenshot: SSO Authentication Configuration

  12. Enable User Federation ID in the HCM package configuration. This enables synchronization of Federation ID between the Team Member and User records. You can't synchronize Federation ID fields using field sets in the Team Member and User objects.

    1. Go to Setup and select Installed Packages
    2. Select Configure next to the Sage People Human Capital Management package

    3. Check the User Federation ID checkbox

      Screenshot: User Federation ID field checked

    4. Select Save
Note

Salesforce Dot-com (SFDC) certificates expire every year and you need to update them within the org. If you receive an SFDC Expired Certificate Notification, resolution instructions are available on the Sage People Community.