The Single Sign-On (or SSO) configuration allows your employees to connect to the Vendredi platform directly with their professional account.
Your employees will not have to create a new password and will save some precious time.
The platform makes it very easy for you to configure Single Sign-On on your own.
⏲️ It takes 15-20 minutes of work from you IT department. So it is very simple.
🖥 Warning, the rest of the article gets technical!
Which SSO technologies are compatible?
The Vendredi platform uses the SAML v2 protocol in POST mode.
It's therefore compatible with the majority of SSOs, in particular with Microsoft (Azure AD, ADFS, ...) and Google (Google Apps) solutions.
The configuration procedure
1- Configure Vendredi as Service Provider
First, you need to configure Vendredi as a Service Provider on your internal SAML solution.
Here are the instructions for Azure AD and Google G Suite. If you use another provider, please consult their documentation.
In this step, you will need the metadata that are available directly in the Vendredi platform:
Go to Settings > Advanced settings > Single Sign-On > Show Metadata
The data you need to send are :
Data | Key | Required or optional |
First name | first_name | Required |
Last name | last_name | Required |
Required if no Unique identifier | ||
Unique identifier | employee_sso_id | Required if no Email |
Phone number | phone | Optional |
Email of collaborator manager | manager_email | Optional |
Attached entity* | entity | Optional |
* If you don't know which "Entity" data to send, you can consult the list of entities configured on the Vendredi platform: Settings > Users > Manage entities
You must send either an email
(the user's email address) or an employee_sso_id
(a unique identifier of the user). Most of the time the use of email is recommended, but if your company does not provide a professional email address to all users, you can prefer a connection by unique identifier. When logging in for the first time with SSO, the user identified by a unique identifier without a professional email address must enter a personal email address to complete their registration.
2- Configure your SAML on the Vendredi platform
Once Vendredi has been configured as your Service Provider, all you have to do is fill in the technical configuration in Settings > Advanced settings > Single Sign-On!
💡 Our recommendation : fill in the technical data first without activating the connection via Single Sign-On. This allows you to make sure everything is working before you activate it for all your employees.
3- Test the correct functioning of the SSO connection
Once the configuration is done, you can click on "save and test" at the bottom of the page.
This allows you to verify the data received by the Vendredi platform.
Here is an example of a connection test result :
👉 👉 Last step: once the test is successful, don't forget to activate the connection for all your employees on the configuration page and save!
Settings > Advanced settings > Single Sign-On > Activate Single Sign-On login