Single Sign-on (SSO) Setup

Part 1: Use Schedule Xpress to enter IdP Metadata

For this step, you will need the URL for your IdP's metadata XML. This depends on which IdP you are using. Part 2 below explains where to find the metadata URL for various IdPs.

  1. Log in to Schedule Xpress as a user with admin privileges
  2. Go to Settings → Single sign on. If you don't see this option, your user ID does not have admin privileges; contact your admin or Celayix Support (support@celayix.com)
  3. Paste your IdP metadata URL into the Metadata URL field
  4. Copy the URL in the Celayix metadata URL field; you will need this to set up your IdP with Celayix SSO
  5. Click Save
  6. After a success message, check that the information in the additional fields that have appeared is correct
  7. If you get an error while saving, try pasting your metadata URL into your browser's URL bar. If it doesn't display or download an XML file, you might have the wrong URL. Here's a sample URL from a Celayix Test IdP:
    https://ssodev.celayix.com/federationmetadata/2007-06/federationmetadata.xml

Part 2: Specific instructions for an IdP Vendor


Microsoft Active Directory Federation Services (ADFS)

A. Locating your IdP federation metadata

Your metadata URL should be something like: https://your-domain.example.com/federationmetadata/2007-06/federationmetadata.xml

Replace your-domain.example.com with the actual domain name where Active Directory (either Azure or Windows AD) is publicly accessible on the Internet.

If you have restricted access by IP address, please contact Celayix Support for the IP address specific to your instance.

B. Create an entry in your IdP for Celayix

  1. Go to your ADFS configuration window, select "Add Relying Party Trust..." in the Actions panel
  2. On the first page of the Wizard, ensure Claims aware is selected and click Start
  3. Paste the Celayix metadata URL from step 4 of Part 1 above into the Federation metadata address field and click Next
  4. Click Next
  5. Give your entity a suitable Display Name, like "Celayix Workforce Management" and click Next
  6. Choose an appropriate Access Control Policy for your use case
    1. If all Active Directory users in your domain have accounts in Celayix platform, you can use the Permit everyone rule
    2. For more control over who will have access to the Celayix platform portal, use Permit specific group and select a group that only contains users with accounts in all Celayix applications - Schedule Xpress, Time Xpress, Team Xpress.
  7. Once an Access Control Policy has been chosen, click Next
  8. Review the information in the Ready to Add Trust page and click Next
  9. On the finish page, click Close

C. Configure Claim Issuance Policy rules for Celayix

  1. Right click the Relying Party Trust that was created above and select Edit Claim Issuance Policy...
  2. Click Add Rule...
  3. Select Transform an Incoming Claim from the dropdown and click Next
  4. Give your claim rule a name
  5. From the Incoming claim type dropdown select UPN, from the Outgoing claim type dropdown select Name ID 
  6. The Outgoing name ID format dropdown should become enabled, select Email from this dropdown
  7. Click Finish
  8. Click Apply to save your Claim Issuance Policy rules



OneLogin

A. Locating your IdP federation metadata

The metadata URL changes for every app configured in OneLogin. Complete the step below (Create an entry in your IdP for Schedule Xpress), then return here.

  1. Log in to OneLogin as an administrator
  2. Click Administration in the title bar
  3. Click Apps in the title bar
  4. Select the app you configured below
  5. Select the SSO tab for this app
  6. The metadata for your app is in the Issuer URL field, copy it to paste into Schedule Xpress

B. Create an entry in your IdP for Celayix

  1. Log in to OneLogin as an administrator
  2. Click Administration in the title bar
  3. Click Apps in the title bar
  4. Click the ADD APP button just below the title bar
  5. In the search bar type SAML Test Connector
  6. Click the option SAML Test Connector (IdP)
  7. In the Display Name field give your entry a descriptive name
  8. Click Save in the top right
  9. If you haven't already done so, you can now perform step A. Locating your IdP federation metadata


A template

A. Locating your IdP federation metadata


B. Create an entry in your IdP for Celayix