Single Sign On (SSO)
Provides an overview of Single Sign-On, including how to set it up in Namely.
OVERVIEW
Single Sign-On (SSO) is a decentralized session and user authentication service that allows users to leverage a single set of login credentials to access multiple applications. Many companies use an SSO or Identity Provider (IdP) to simplify the login process for applications for their employees, but there are benefits beyond only asking your employees to remember one password, including:
- Increased security: Single Sign-On providers specialize in authentication and account security.
- Identity management: Many providers offer identity management - essentially one centralized profile that your users have that can be used to access multiple applications. This streamlines operations for your IT team.
- Cutting-edge features: Many providers offer several multi-step authentication processes and leverage tools like facial and thumb recognition.
- Easy setup in Namely: Namely can be linked to your provider with just a few clicks.
- Streamlined Employee Onboarding: Once SSO is set up, onboarding your employees is a breeze. Our onboarding session will send a token link to your employee’s personal email address that will create their SSO profile. Once they’ve clicked it, IT can easily load them up with additional applications so they’re set up for success on day one.
HOW SINGLE SIGN-ON WORKS
Namely currently supports SAML 2.0. It’s important to note that Namely does not do any authentication of a user’s credentials - we verify a request coming from your SSO provider using the SAML settings entered. If the response provided is valid, we take the email address from the NameID attribute and check that it exists inside the Namely site. If it exists, the user is granted access.
HOW TO SET UP SINGLE SIGN-ON IN NAMELY
It’s possible that your company already uses SSO, but you just haven’t connected it to Namely. If you haven’t set it up yet, here are some links that can help you get started with some of the most popular providers:
Once your SSO application has been set up and you’ve loaded your userbase into the system, you can get started in Namely. You will need an IdP URL and Certificate from your SSO application to proceed.
- Log in to Namely.
- Go to Company > Settings > Login Page
- Under Login Methods, select the SAML option.
  - SAML stands for Security Assertion Markup Language and is an open standard that allows SSO providers to pass authentication credentials to applications. Checking or unchecking the SAML box will not erase your settings.
- Enter your provider’s IdP URL into the Identity providers SSO url field. This is the URL that the user will be directed to when they attempt to log in.
  - For Active Directory Federation Services (ADFS) setups, it is whatever URL your IT team has set up for logins.
  - For IdP services, like Okta, it’s whichever URL is provided by the service.
- Enter your certificate into the Identity provider certificate field.
  - When you download the certificate from your provider, you will need to download it as a PEM (.pem) file.
- Save your changes.
TIP:
If your provider requires a SAML metadata endpoint (also commonly called a “configuration endpoint”), you can retrieve it from the SAML Metadata section. The URL in this field is fixed and cannot be changed. This is a URL that Namely provides that allows IdPs to retrieve information about how to send users back to Namely.
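Before pasting the downloaded file into the Identity provider certificate field, you can check it locally. The Python below is an added example, not Namely's code: it confirms the file is PEM text, holds exactly one certificate and no private key, and returns a SHA-256 fingerprint you can compare with the one your provider displays, if it shows one. The function name and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Any PEM block: captures the label (e.g. CERTIFICATE) and the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

# Constructed sample: a tiny ASN.1 SEQUENCE standing in for a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER)
    + b"-----END CERTIFICATE-----\n"
)


def check_idp_certificate(data: bytes) -> dict:
    """Return the SHA-256 fingerprint of the one certificate in a PEM file.

    Raises ValueError when the file should not go into the certificate field.
    """
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("not PEM text (binary DER export?)") from None

    blocks = PEM_BLOCK.findall(text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file contains a private key; do not upload it")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected exactly 1 certificate, found {len(certs)}")

    der = base64.b64decode("".join(certs[0].split()), validate=True)
    # Cheap sanity check on the leading ASN.1 SEQUENCE tag, not a full X.509 parse.
    if der[:1] != b"\x30":
        raise ValueError("PEM body does not start with an ASN.1 SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    pairs = [digest[i:i + 2] for i in range(0, len(digest), 2)]
    return {"certificates": 1, "sha256": ":".join(pairs)}


if __name__ == "__main__":
    print(check_idp_certificate(SAMPLE_PEM))
```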
SINGLE SIGN-ON CONSIDERATIONS
- Namely can only accept one SAML certificate at a time - if you’d like to segment your employee population, you’d have to do so within your SSO environment.
- Once SSO is enabled, it’s the only method that can be used to log in to Namely.