PurelyHR SAML Single Sign-On (SSO)

With CyberArk as your identity service, you can configure single sign-on (SSO) access to the PurelyHR web application using IdP-initiated SAML SSO, which gives users access through the CyberArk Identity User Portal.

If PurelyHR is the first application you are configuring for SSO through CyberArk Identity, read these topics before you get started:

PurelyHR SSO Requirements

Before you configure the PurelyHR web application for SSO, you need the following:

  • An active PurelyHR account with administrator rights for your organization.

  • A signed certificate. You can either download one from Admin Portal or use your organization’s trusted certificate.

Add and Configure PurelyHR in Admin Portal

It is helpful to open the PurelyHR web application and the Admin Portal Application Settings window side by side so that you can copy and paste settings between the two browser windows. Also see Configure SSO for PurelyHR.

Configure SSO for PurelyHR

The following steps are specific to the PurelyHR application and are required to enable SSO for PurelyHR. For information on optional Idaptive Admin Portal configuration settings that you may want to customize for your app, see Optional configuration settings.

For more information about PurelyHR

For more information about configuring PurelyHR for SSO, contact PurelyHR support.

PurelyHR Specifications

Each SAML application is different. The following table lists features and functionality specific to PurelyHR.



Support details

Web browser client

Mobile client

SAML 2.0

SP-initiated SSO

IdP-initiated SSO

Force user login via SSO only
To force, select the Force SSO option on the PurelyHR SSO settings page.
Note: After Force SSO is enabled in PurelyHR, the login page still appears but does not serve as a back door. If a user tries to log in with their username and password, they are directed to log in through the SAML Connector.

Separate administrator login after SSO is enabled

User or Administrator account lockout risk

Automatic user provisioning
To enable, select the Auto-Create Users option on the PurelyHR SSO settings page.

Multiple User Types
Employee, Manager, and Administrator.

Self-service password

Access restriction using a corporate IP range
You can specify an IP Range in the Admin Portal Policy page to restrict access to the application.