Enable single sign-on in Peakon

As an administrator of your company's Peakon account, you can enable single sign-on by first clicking the settings icon in the bottom left corner of the Peakon dashboard, choosing Integrations, and then selecting Single Sign-On from the list of integrations. Click the yellow Enable button and you’ll be taken to the page you see in the screenshot below.

On this page, you will later input your SSO login URL and certificate provided by OneLogin. Here you will also find the entity ID for Peakon, which you will enter into OneLogin a bit later in this guide.

Add a SAML app to your OneLogin account

As a OneLogin administrator, you can follow these steps to add a new SAML app for your company, by first heading over to the main menu, and clicking the "Apps" menu then “Add Apps” :

Then search for “Peakon” : 

Click on the Peakon listing to open the configuration menu.

Configuring the Peakon SAML App:

The first page will be pre-populated with the Peakon app name and logo. You can optionally add a description if required. Click on “Save” to proceed.

This will create the app and a new set of menus shall appear : 

The next step is to enter the Entity ID from the Peakon Integration page into the OneLogin configuration. Please note OneLogin will autofill the URL format and therefore you are only required to enter the ID from the Entity ID URL as shown below:

 

Navigate to the “Configuration” menu in OneLogin. Then enter the ID, e.g. 7864 :

The next step is to download the SSO Certificate and entering the SAML Endpoint into Peakon. Click on the “SSO” menu in OneLogin: 

To download the Certificate file, you will need to click on “View Details” under the Certificate sub menu as shown below: 

Set the SHA Fingerprint strength to “SHA256” and ensure the X.509 certificate file extension is PEM. Now click on “Download”. 

The downloaded PEM certificate file will need to be uploaded to the Peakon Integrations page. To upload, navigate to the Integrations page and click on “Choose file” under the “Certificate” sub menu. Upload the downloaded Certificate from OneLogin. 

Now, we need to obtain the SAML endpoint from the OneLogin SSO page. Copy the SAML Endpoint and paste it into the Peakon Integrations page under “SSO Login URL

Please note that the SSO Logout URL is not required for OneLogin.

Assigning Users in OneLogin

Make sure you add all required users who need to access Peakon using the “Users” menu. 

Hit the “Save” button at the top right of the screen to complete the setup. Also, make sure you save the configurations on the Peakon Integrations page.

Test that single sign-on is working

Now that you have created your SAML app, you are ready to test it:

  1. Go to app.peakon.com/login and enter your email address.
  2. After entering the email, Peakon will detect that this email supports single sign-on, and clicking the "Sign in" button will redirect you to OneLogin’s sign in page, before redirecting you back to Peakon and logging you in.
  3. If you prefer to sign into Peakon using your existing password, you can skip the single sign-on step by clicking "Sign in using password" after entering your email.
  4. Optionally, go directly to (or bookmark) app.peakon.com/saml/{your email domain}, which will start the single sign-on flow directly without visiting the Peakon login page first.

Article: Introduction to using single sign-on
Article: Set up single sign-on with G Suite (Google Apps)
Article: Set up single sign-on with Microsoft ADFS
Article: Set up single sign-on with Azure AD through the App Gallery

Did this answer your question?