Company administrators have the ability to configure an Identity Provider to power Single Sign On (SSO). This article details how to configure an Identity Provider using the Security Assertion Markup Language (SAML) protocol to facilitate SSO with the Oyster application. You can learn more about the SAML protocol and how it works here.
What's supported in the SAML and Oyster integration
- Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Oyster HR.
Who are the identity providers using OIDC?
Here are some of the identity providers you can connect using OIDC:
- Amazon Web Services (AWS)
- Oracle Identity Cloud Service
- SAP Identity Authentication Service
- Centrify
Requirements
In order to proceed with configuring login with SSO through SAML, you must:
- Be an administrator on your Identity Provider
- Have a company administrator account on the Oyster app
Important pointers before you start the process
- You won’t be able to enable the integration if at least one of the customer users in your company is already using SSO with another company.
- Once the SAML integration is enabled, there is no way of changing the credentials used for the integration. You'll need to delete the integration and set up a new one if you need to update the credentials.
- SAML SSO is supported for both admin and manager roles, but it is not supported for your team members when they log in to their Oyster account. Only account admins can set up the integration.
- You can only “Sign in” to your existing Oyster account using this SAML SSO integration, not “Sign up”.
Steps
Follow these steps to set up the integration between Oyster and your Identity Provider using SAML:
Your Identity Provider using SAML is now enabled for your users! Your eligible users will now be able to sign in using the SSO option on the sign-in page.