Before following the below steps to set up single sign-on using Microsoft ADFS, please read this article with more general information regarding Peakon's single sign-on.

1. Enable single sign-on in Peakon

  1. Click on Administration in the bottom left corner of the Peakon dashboard
  2. Choose Integrations and then select Single Sign-On 
  3. Click the Connect button and you’ll be taken to the page you see in the screenshot below

On this page, you will later input your SSO login URL and certificate provided by ADFS. Here you will also find the entity ID and reply URL (ACS) for Peakon, which you will enter into ADFS a bit later in this guide.

2. Add a new Relying Party Trust

In your ADFS configuration, right click on Relying Party Trust and click on Add Relying Party Trust:

Enter the Entity ID from the Peakon SSO settings page as the metadata URL, and all settings should be configured automatically.

Now that the Relying Party Trust has been created, you need to add two new claim rules to it:

To add the first rule, click Add Rule... to add a Send LDAP Attributes as Claims rule:

To add the second rule, click Add Rule... to add a Transform an Incoming Claim rule:

You should now have two rules defined:

3. Configure the SSO setup

  1. Return to the integration page on Peakon and enter the SSO login URL of your ADFS instance which can be looked up in the ADFS configuration (you can also add the logout URL, but this is not required)
  2. Select the name ID which will either be Name or Employee Number, depending on which attribute you would like to match against in Peakon when employees login
  3. Upload the certificate (PEM format) used to sign the SAML requests. Once the certificate is uploaded, the text field will be automatically populated with a unique identifier

4. Test that single sign-on is working

Now that you have configured ADFS to integrate with Peakon, you are ready to test it:

  1. Go to app.peakon.com/login and enter your ADFS email address.
  2. After entering the email, Peakon will detect that this email supports single sign-on, and clicking the Sign in button will redirect you to internal ADFS sign in page, before redirecting you back to Peakon and logging you in
  3. If you prefer to sign into Peakon using your existing password, you can skip the single sign-on step by clicking Sign in using password after entering your email
  4. Optionally, go directly to (or bookmark) app.peakon.com/saml/{your email domain}, which will start the single sign-on flow directly without visiting the Peakon login page first

Article: Introduction to using single sign-on
Article: Set up single sign-on with G Suite (Google Apps)
Article: Set up single sign-on with MS Azure AD
Article: Set up single sign-on with OneLogin
Article: Set up single sign-on with Okta

Did this answer your question?