PurelyHR SAML Single Sign-On (SSO)

With CyberArk as your identity service, you can give users single sign-on (SSO) access to the PurelyHR web application using IdP-initiated SAML SSO, launched from the CyberArk Identity User Portal.

If PurelyHR is the first application you are configuring for SSO through CyberArk Identity, read these topics before you get started:

PurelyHR SSO Requirements

Before you configure the PurelyHR web application for SSO, you need the following:

  • An active PurelyHR account with administrator rights for your organization.

  • A signed certificate. You can either download one from Admin Portal or use your organization’s trusted certificate.

Add and Configure PurelyHR in Admin Portal

It is helpful to open the PurelyHR web application and the Admin Portal Application Settings window simultaneously to copy and paste settings between the two browser windows. Also see Configure SSO for PurelyHR.

Configure SSO for PurelyHR

The following steps are specific to the PurelyHR application and are required in order to enable SSO for PurelyHR. For information on optional Idaptive Admin Portal configuration settings that you may wish to customize for your app, see Optional configuration settings.

For more information about PurelyHR

For more information about configuring PurelyHR for SSO, contact PurelyHR support.

PurelyHR Specifications

Each SAML application is different. The following table lists features and functionality specific to PurelyHR.

| Capability | Supported? | Support details |
|---|---|---|
| Web browser client | Yes | |
| Mobile client | No | |
| SAML 2.0 | Yes | |
| SP-initiated SSO | No | |
| IdP-initiated SSO | Yes | |
| Force user login via SSO only | Yes | To force, select the Force SSO option on the PurelyHR SSO settings page. Note: After Force SSO is enabled in PurelyHR, the login page still appears but does not serve as a back door. If a user tries to log in with their username and password, they are directed to log in through the SAML Connector. |
| Separate administrator login after SSO is enabled | No | |
| User or Administrator account lockout risk | Yes | |
| Automatic user provisioning | Yes | To enable, select the Auto-Create Users option on the PurelyHR SSO settings page. |
| Multiple User Types | Yes | Employee, Manager, and Administrator. |
| Self-service password | Yes | |
| Access restriction using a corporate IP range | Yes | You can specify an IP Range in the Admin Portal Policy page to restrict access to the application. |