Single Sign-on (SSO) Setup
Part 1: Use Schedule Xpress to enter IdP Metadata
For this step, you will need the URL for your IdP's metadata XML. This depends on which IdP you are using. Part 2 below explains where to find the metadata URL for various IdPs.
Log in to Schedule Xpress as a user with admin privileges
Go to Settings → Single sign on (if you don't see this option, your user ID does not have admin privileges; contact your admin or Celayix Support at support@celayix.com)
Paste your IdP metadata URL into the Metadata URL field
Copy the URL in the Celayix metadata URL field; you will need this to set up your IdP with Celayix SSO
Click save.
After a success message, check that the information in the additional fields that have appeared is correct
If you get an error while saving, try pasting your metadata URL into your browser's URL bar. If it doesn't display or download an XML file, you might have the wrong URL. Here's a sample URL from a Celayix Test IdP:
https://ssodev.celayix.com/federationmetadata/2007-06/federationmetadata.xml
Part 2: Specific instructions for an IdP Vendor
Microsoft Active Directory Federation Services (ADFS)
A. Locating your IdP federation metadata
Your metadata URL should be something like: https://your-domain.example.com/federationmetadata/2007-06/federationmetadata.xml
Replace your-domain.example.com with the actual domain name where Active Directory (either Azure or Windows AD) is publicly accessible on the Internet.
If you have restricted access by IP address, please contact Celayix Support for the IP address specific to your instance.
B. Create an entry in your IdP for Celayix
Go to your ADFS configuration window, select "Add Relying Party Trust..." in the Actions panel
On the first page of the Wizard, ensure Claims aware is selected and click Start
Paste the Celayix metadata URL from step 4 of Part 1 above into the Federation metadata address field and click Next
Click Next
Give your entity a suitable Display Name, like "Celayix Workforce Management" and click Next
Choose an appropriate Access Control Policy for your use case
If all Active Directory users in your domain have accounts in the Celayix platform, you can use the Permit everyone rule
For more control over who will have access to the Celayix platform portal, use Permit specific group and select a group that only contains users with accounts in all Celayix applications - Schedule Xpress, Time Xpress, Team Xpress.
Once an Access Control Policy has been chosen, click Next
Review the information in the Ready to Add Trust page and click Next
On the finish page, click Close
C. Configure Claim Issuance Policy rules for Celayix
Right click the Relying Party Trust that was created above and select Edit Claim Issuance Policy...
Click Add Rule...
Select Transform an Incoming Claim from the dropdown and click Next
Give your claim rule a name
From the Incoming claim type dropdown select UPN, from the Outgoing claim type dropdown select Name ID
The Outgoing name ID format dropdown should become enabled, select Email from this dropdown
Click Finish
Click Apply to save your Claim Issuance Policy rules
OneLogin
A. Locating your IdP federation metadata
The metadata URL changes for every app configured in OneLogin. Complete the step below (Create an entry in your IdP for Schedule Xpress), then return here.
Log in to OneLogin as an administrator
Click Administration in the title bar
Click Apps in the title bar
Select the app you configured below
Select the SSO tab for this app
The metadata for your app is in the Issuer URL field, copy it to paste into Schedule Xpress
B. Create an entry in your IdP for Celayix
Log in to OneLogin as an administrator
Click Administration in the title bar
Click Apps in the title bar
Click the ADD APP button just below the title bar
In the search bar type SAML Test Connector
Click the option SAML Test Connector (IdP)
In the Display Name field give your entry a descriptive name
Click Save in the top right
If you haven't already done so, you can now perform step A. Locating your IdP federation metadata