| Info |
|---|
This page describes how to configure your Azure AD to support Single SignOn to our Talent Platform using OpenID Connect (OIDC). |
Our identity platform, HRIDTalentech ID, supports Single SignOn via OpenID Connect. This guide describes how this can be configured in your Azure AD. To get started, you need to contact us in order to configure your system for Single SignOn. You will then get a URL from us to enter in your Azure AD configuration. Then you need to provide us the ClientId and endpoint URL before you are ready to go.
...
We recommend that you give admin consent for all your users signing in to HRIDTalentech ID.
If you do not do this, every user will be asked if they would like to allow HRID Talentech ID to read their basic information when signing in for the first time.
If the user does not give their consent they will not be signed in.
...
4. Optional: Whitelist email addresses
HRID Talentech ID is sending email for password resets and account activations. If you have problems receiving these emails, you should consider whitelisting our email addresses and IP addresses.
...
- Select Azure Active Directory
- Select Enterprise Applications
- Using the search field, locate the app registration that handles HRID Talentech ID SSO.
Open the application. - Select the ‘Properties’ menu. Verify that the settings are set as indicated in the green boxes below.
...
Answer
To properly map an Azure AD user to an HRID a Talentech ID user, the claim with an email address matching the email address in HRID Talentech ID needs to be called [email], [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress] or [preferred_username]