SSO Integration

Single Sign-On in Leadr allows you to manage your employee access in one location and enables users to sign into the platform with that existing login, eliminating the need for an additional login for your users to manage.

In this article:

Implementation Overview

Leadr will work with your IT Admin to confirm SSO is a good fit and ensure you have a seamless setup process. Leadr will provide the necessary information we need within a few days of your partnership, and then it is up to your IT Administrators to enable it.

Phase One (Logging In)

Depending on the SSO provider type, the setup will look something like this:

SAML-Based Authentication Setup

  • Application Name
  • SAML Identifier
  • SAML Reply URL

After Leadr provides the values, the IT Admin Will:

  • Create the Azure AD application

    To allow Leadr to communicate with Azure AD, a custom Enterprise Application must be created and configured with the credentials provided by Leadr.

  • Configure the Application

    Once the application has been created, IT Admin can begin configuring the settings to perform the connection between Azure AD and Leadr.

  • Assign Users to the Application

    Now that the application has been created and configured within Azure AD using the information provided by Leadr, the IT Admin will navigate to the “Users and groups” tab on the Enterprise Application Management page.

  • Send Leadr Certificate and Login URL

    The final step is to provide the SAML Certificate file and Login URL value to Leadr, who is facilitating the setup of the connection to finalize the process on the Leadr side.

Phase Two (Automate User Provisioning)

As an added benefit of the SSO via SAML integration, Leadr also supports utilizing the SCIM (System for Cross-domain Identity Management) protocol to provision user accounts within Leadr directly from Azure Active Directory.

Setup Information Provided by Leadr

  • To create and configure the SCIM integration, the following values are provided by Leadr:
    • SCIM Endpoint URL
    • SCIM Authentication Token

  • Enable Provisioning in the Azure AD Application

    To allow Leadr to communicate with the Azure AD provisioning service, a custom Enterprise Application with provisioning must be enabled and configured with the credentials that Leadr provides.

  • Update Provision Mappings

    Once the connection has been verified and saved, expand the " Mappings " section and click on the “Provision Azure Active Directory Users” text to be redirected to the mappings management page for user provisioning.

We support the following fields through automated user provisioning. First and last name as well as Email Addresses are the only required fields for provisioning. All other fields are available but optional.

    • First and last name
    • Email address
    • Job title
    • Department
    • Manager
    • Hire Date
    • Birthday
    • Profile Picture

  • Provision Users

    To begin provisioning users, ensure users have already been assigned to the custom Enterprise Application as directed in the SAML setup.

FAQ

  • Can any Microsoft Account Type Enable SSO?

    No, the account type must be Enterprise.

  • How long does the setup process take?

    Leadr will provide the necessary values within two business days. Once the values are provided, timing is based on your IT Administrator.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us