intelliHR supports single sign-on (SSO), which lets one set of login credentials be used to access multiple applications. This type of authentication can assist employees who have a growing number of user accounts. Users access intelliHR either by manual login, which requires a username and a password that the staff member sets via an email link, or by SSO.
The following SSO options are supported:
1. Vanilla AD connecting through to OneLogin as the IdP
2. Vanilla AD providing the IdP via manually configured ADFS
When a user tries to log in to our application using SSO, they use a browser (mobile or desktop). Our application servers redirect that browser to the customer's Identity Provider (e.g. ADFS or OneLogin), and the user will either:
- Have to log into that Identity Provider with their DOMAIN\username
- Already have a valid session with the Identity Provider because they already logged on today, or are using a Windows machine that is joined to DOMAIN, which will automatically sign them in.
In either scenario, they are redirected back to our application with a special signed token that can be proven to be a valid response from your Identity Provider. If they don't have a valid signed token from your Identity Provider, we don't allow them to log in.
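
The signed-token check described above can be sketched as follows. This is an added example, not intelliHR's code: a simplified JSON token stands in for the Identity Provider's real assertion format (which this page does not specify), and the key pairs, the `SP_AUDIENCE` value and the function names are constructed for illustration.

```javascript
// Added illustration: a simplified JSON token stands in for the IdP's real assertion format.
const crypto = require("node:crypto");

// Constructed keys. The application would hold only the IdP's public key.
const idp = crypto.generateKeyPairSync("ed25519");
const rogue = crypto.generateKeyPairSync("ed25519"); // a signer the application does not trust
const SP_AUDIENCE = "https://app.example.test/sso"; // hypothetical application identifier

// IdP side: after authenticating the user, sign the claims.
function issueToken(claims, privateKey) {
  const body = Buffer.from(JSON.stringify(claims), "utf8");
  const sig = crypto.sign(null, body, privateKey);
  return body.toString("base64") + "." + sig.toString("base64");
}

// Application side: allow the login only if every check passes.
function verifyToken(token, idpPublicKey, now = Date.now()) {
  if (typeof token !== "string" || token === "") return { ok: false, reason: "missing token" };
  const [bodyB64, sigB64, ...extra] = token.split(".");
  if (!sigB64 || extra.length) return { ok: false, reason: "unsigned or malformed token" };
  const body = Buffer.from(bodyB64, "base64");
  const sig = Buffer.from(sigB64, "base64");
  let valid = false;
  try {
    valid = sig.length === 64 && crypto.verify(null, body, idpPublicKey, sig);
  } catch { valid = false; }
  if (!valid) return { ok: false, reason: "bad signature" };
  // Claims are parsed and trusted only after the signature has verified.
  const claims = JSON.parse(body.toString("utf8"));
  if (claims.aud !== SP_AUDIENCE) return { ok: false, reason: "wrong audience" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  return { ok: true, user: claims.sub };
}

function demo() {
  const claims = { sub: "DOMAIN\\jsmith", aud: SP_AUDIENCE, exp: Date.now() + 300000 };
  const good = issueToken(claims, idp.privateKey);
  const forged = issueToken(claims, rogue.privateKey);
  return [verifyToken(good, idp.publicKey), verifyToken(forged, idp.publicKey)];
}
console.log(demo());
```

The audience and expiry checks go beyond what the page states; they are included because a token that verifies but was issued for another application, or long ago, should not start a session either.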