Before following the below steps to set up single sign-on using G Suite, please read this article with more general information regarding Peakon's single sign-on.

1. Enable single sign-on in Peakon

  1. Click on Administration in the bottom left corner of the Peakon dashboard
  2. Choose Integrations and then select Single Sign-On 
  3. Click the Connect button and you’ll be taken to the page you see in the screenshot below

On this page you will later input your SSO login URL and certificate provided by G Suite. Here you will also find the entity ID and reply URL (ACS) for Peakon, which you will enter into G Suite a bit later in this guide.

2. Add the Peakon app to your G Suite account

As a G Suite adminstrator, you can follow these steps to add a new SAML app for your company, by first heading over to admin.google.com, and clicking the Apps box in the grid of icons:

Then click the SAML apps box to view your collection of existing SAML apps, or to create a new one:

Create a new SAML app by clicking the plus button in the bottom right:

For Peakon, we will setup a custom SAML app. Click Setup my own custom app:

On the next page, make sure to download the certificate, and make note of the SSO URL. The certificate and SSO URL should then be added to the Peakon Single Sign-On settings page, as described at the beginning of this article. Make sure to copy this information now, as it will not be available once this guide has been completed. After you have entered this information into Peakon, click Next:

Now, add a name and description for your new app, and upload a logo. Here is a logo image you can use for this purpose:

Then click Next:

On the next page, configure your SAML app with the ACS and Entity ID provided on the Peakon Single Sign-On settings page. Make sure to check the Signed Response box, and set Name ID to the primary email of the user, and Name ID Format to "EMAIL". Then click Next:

On the Attribute Mapping page, just click Next as this information is optional.

Your new "Peakon" app should now appear under the "SAML apps" section. It is important that you remember to turn the app on for some or all the users in your organisation after it has been created, or they will not be able to log in.

3. Test that single sign-on is working

Now that you have configured G Suite to integrate with Peakon, you are ready to test it:

  1. Go to app.peakon.com/login and enter your G Suite email address.
  2. After entering the email, Peakon will detect that this email supports single sign-on, and clicking the Sign in button will redirect you to internal Google's sign in page, before redirecting you back to Peakon and logging you in
  3. If you prefer to sign into Peakon using your existing password, you can skip the single sign-on step by clicking Sign in using password after entering your email
  4. Optionally, go directly to (or bookmark) app.peakon.com/saml/{your email domain}, which will start the single sign-on flow directly without visiting the Peakon login page first

Troubleshooting

Problem: Peakon will not log me in after redirecting back from the Google sign in page

Solution: Double check that the domain of your Peakon email is the same as the one in G Suite, since this is how Peakon finds the right user to log in.

Problem: When logging in, I get an Google error page saying "Service is not configured for this user".

Solution: You need to enable the Peakon application for everyone in your organization under the "Peakon settings" > "Service Status", and select "ON for everyone". This setting could take up to 24 hours to be applied, so you might still see the error right after turning it on. If so, wait 24 hours and it should start working.

Article: Introduction to using single sign-on
Article: Set up single sign-on with Microsoft ADFS
Article: Set up single sign-on with MS Azure AD
Article: Set up single sign-on with OneLogin
Article: Set up single sign-on with Okta

Did this answer your question?