Enable single sign-on in Peakon

As an administrators of your company's Peakon account, you can enable single sign-on by first clicking the settings icon in the bottom left corner of the Peakon dashboard, choosing Integrations, and then selecting Single Sign-On from the list of integrations. Click the yellow Enable button and you’ll be taken to the page you see in the screenshot below.

On this page you will later input your SSO login URL and certificate provided by G Suite. Here you will also find the entity ID and reply URL (ACS) for Peakon, which you will enter into G Suite a bit later in this guide.

Add a SAML app to your G Suite account

As a G Suite adminstrator, you can follow these steps to add a new SAML app for  your company, by first heading over to admin.google.com, and clicking the "Apps" box in the grid of icons:

Then click the "SAML apps" box to view your collection of existing SAML apps, or to create a new one:

Create a new SAML app by clicking the plus button in the bottom right:

For Peakon, we will setup a custom SAML app. Click "Setup my own custom app":

On the next page, make sure to download the certificate, and make note of the SSO URL. The certificate and SSO URL should then be added to the Peakon Single Sign-On settings page, as described at the beginning of this article. Make sure to copy this information now, as it will not be available once this guide has been completed. After you have entered this information into Peakon, click "Next":

Now, add a name and description for your new app, and upload a logo. Here is a logo image you can use for this purpose:

Then click "Next":

On the next page, configure your SAML app with the ACS and Entity ID provided on the Peakon Single Sign-On settings page. Make sure to check the "Signed Response" box, and set "Name ID" to the primary email of the user, and "Name ID Format" to "EMAIL". Then click "Next":

On the last page, "Attribute Mapping", just click "Next" as this information is optional.

Your new "Peakon" app should now appear under the "SAML apps" section. It is important that you remember to turn the app on for some or all the users in your organisation after it has been created, or they will not be able to log in.

Test that single sign-on is working

Now that you have created your SAML app, you are ready to test it:

  1. Go to app.peakon.com/login and enter your G Suite email address.
  2. After entering the email, Peakon will detect that this email supports single sign-on, and clicking the "Sign in" button will redirect you to Google's sign in page, before redirecting you back to Peakon and logging you in.
  3. If you prefer to sign into Peakon using your existing password, you can skip the single sign-on step by clicking "Sign in using password" after entering your email.
  4. Optionally, go directly to (or bookmark) app.peakon.com/saml/{your email domain}, which will start the single sign-on flow directly without visiting the Peakon login page first. 

Troubleshooting

Problem: Peakon will not log me in after redirecting back from the Google sign in page

Solution: Double check that the domain of your Peakon email is the same as the one in G Suite, since this is how Peakon finds the right user to log in.

Problem: When logging in, I get an Google error page saying "Service is not configured for this user".

Solution: You need to enable the Peakon application for everyone in your organization under the "Peakon settings" > "Service Status", and select "ON for everyone". This setting could take up to 24 hours to be applied, so you might still see the error right after turning it on. If so, wait 24 hours and it should start working.

Did this answer your question?