👋 To configure SSO with Factorial, the person responsible for the SSO connection at the client company has to provide Factorial with a metadata file.
👀 You will have to replace the “Company Name” in the Sign on URL with the one that references your company. The correct one can be found in the Factorial part of this guide.
In Azure Portal:
- Click on Enterprise Applications
- Click on New application
- Click on Create your own application, fill Input name with Factorial SAML and select Integrate any other application you don't find in the gallery (Non-gallery).
- Go to Single sign-on and create a SAML provider
- Update the configuration fields according to this:
**Identifier (Entity ID)**:
urn:amazon:cognito:sp:eu-central-1_Y8iEmyaEp
**Reply URL (Assertion Consumer Service URL)**:
<https://factorial-production.auth.eu-central-1.amazoncognito.com/saml2/idpresponse>
**Sign on URL (Remember to update your [CompanyName](<https://www.notion.so/How-do-I-add-a-SAML-provider-with-Azure-f5ab18de90d849a89c5ef738c619aed5>) on this one)**:
<https://factorial-production.auth.eu-central-1.amazoncognito.com/oauth2/authorize?identity_provider=**CompanyName**&redirect_uri=https://api.factorialhr.com/cognito/oauth&response_type=CODE&client_id=53avjrh4f9bre669tbhbeo03gn&scope=email%20openid%20profile%20aws.cognito.signin.user.admin>
**Logout URL**:
<https://factorial-production.auth.eu-central-1.amazoncognito.com/saml2/logout>
**User Attributes & Claims**

| Claim name | Value |
|---|---|
| givenname | user.givenname |
| surname | user.surname |
| name | user.displayname |
| emailaddress | user.userprincipalname |
| Unique User Identifier | user.userprincipalname |

- Download the “Federation Metadata XML” from the third step and keep it at hand for the next steps.
- Go to "Users and groups" inside the Azure application and click "Add user/group" and add selected users or groups. These will be the users that will be able to log in via SAML SSO.
In Factorial:
- Go to the Company settings in Factorial and click on Set-up SAML SSO in the Single Sign-On section. (You need to ask us to activate it; please reach out if you need this functionality.)
- In the first step of the configuration, please add your company's domain. Add only the domain, for example, with hello@factorialhr.com you would have to include only factorialhr.com. If your company has multiple domains, add them here as well.
- Finally, in the next step, drag and drop (or select on your computer) the downloaded Federation Metadata XML file into the documents zone. After this, click on the Save configuration button and the SAML SSO should be activated.
👇 Here you can find the CompanyName associated with the SAML configuration in Azure Portal.