Configuring SAML SSO for PurelyHR

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and PurelyHR

Prerequisite

Log in to ADSelfService Plus as an administrator.
Navigate to Configuration → Self-service → Password Sync/Single Sign-on.
Search for PurelyHR and select it.
Click Download SSO Certificate link in the top-right corner of the screen.
In the SSO/SAML Details pop-up screen that appears, note down the values of Login URL . We will need these values in a later step.
Click Download SSO certificate and save the file (PEM file). Open the certificate file in a text editor and copy its content. We will need this in a later step.

PurelyHR (Service Provider) configuration steps

Now, log in to your PurelyHR administrator account.
Click SSO settings at the toppanel.
Click on Account Options | Single Sign On Settings
In right side, you will see option for Single Sign on Settings.
In Generic SAML Connector, you will find settings for IdP Provider Settings.
In the x509 Certificate field, paste the certificate (PEM) file content you had copied in Step 6 of Prerequisite.
In the IdP Issuer and IdP Endpoint URL fields, enter the Login URL value you had copied in Step 5 of Prerequisite.
In the Logout URL field, enter the Logout URL value you had copied in Step 5 of Prerequisite.
Click Save Changes.

ADSelfService Plus (Identity Provider) configuration steps

Enter a Description for the connection.

In the Available Policies field, select the policies for which you wish to enable single sign-on.

Click Save.

Your users should now be able to sign in to PurelyHR through ADSelfService Plus.

For PurelyHR, both IdP-initiated and SP-initiated flows are supported.