Note |
---|
SAML2 support will be deprecated and we recommend using OpenID Connect when configuring SSO. |
This page contains a general guide on how you can configure single sign-on using ADFS with SAML2.
Our identity platform, HRIDTalentech ID, supports SAML2, but we recommend using OpenID Connect if you support it. To get started, you need to contact us in order to get the necessary parameters for your configuration.
...
In the same way, you need to send us your metadata URL. If you are using Azure AD, your metadata URL will look something like this: https://login.microsoftonline.com/<TenantDomainName>/FederationMetadata/2007-06/FederationMetadata.xml.
Required claims
Claim Name | Mapped to | Description | Is Required |
---|---|---|---|
Saml Element: <saml:NameID> Claim Name: | Unique External User Id | The saml:NameID element is needed to map the external user to an internal user in Talentech | True |
email or preferred_username | Email address / username | We will look for a claim named email and preferred_username to map from the external username to the internal Talentech username | False |
name | Full name | We will use the claim named name to map to the user’s full name | False |
Info |
---|
Make sure you do not map more attributes than necessary or include all AD groups a user is a member of, because there is a limit on how big the request can be. More information about this potential issue. |
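
The following is an added example, not Talentech's or Microsoft's code: a preflight check that parses a captured assertion and compares it with the claims table and the size note above. It assumes the attributes arrive under the short names shown in the table; the sample assertion is constructed and unsigned, and the check does not validate signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names taken from the table above (assumed to be sent as short names).
KNOWN_CLAIMS = {"email", "preferred_username", "name"}

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>a1b2c3-constructed-id</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="name"><saml:AttributeValue>Example User</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Group-A</saml:AttributeValue>
      <saml:AttributeValue>Group-B</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def audit_assertion(xml_text):
    """Compare an assertion's claims with the table; does NOT verify signatures."""
    root = ET.fromstring(xml_text)
    # Works whether the root is the Assertion itself or an enclosing Response.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    # Map each attribute name to the number of values it carries.
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        attrs[attr.get("Name")] = len(attr.findall("saml:AttributeValue", NS))
    return {
        # Required: the unique external user id.
        "has_name_id": name_id is not None and bool((name_id.text or "").strip()),
        # Optional: either claim can carry the username.
        "has_username_claim": bool({"email", "preferred_username"} & attrs.keys()),
        "has_full_name": "name" in attrs,
        # Anything outside the table only adds to the request size.
        "unneeded": sorted(set(attrs) - KNOWN_CLAIMS),
        "value_counts": attrs,
        # Size of the assertion once base64-encoded for transport.
        "encoded_bytes": len(base64.b64encode(xml_text.encode("utf-8"))),
    }


if __name__ == "__main__":
    for key, value in audit_assertion(SAMPLE_ASSERTION).items():
        print(f"{key}: {value}")
```

Attributes reported under `unneeded`, such as a multi-valued group claim, are the ones to drop from the claim mapping first when the request grows too large.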