Talentoday Manager | SSO Integration - SAML

To allow our enterprise customers' employees and partners to access the Talentoday Manager, Talentoday supports SSO integration via AD FS / SAML.

SAML is an open standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. SAML is an XML-based protocol.

+------------+           +-------------+          +-----------+
| Talentoday |           |    Client   |          |   Auth    |
|    (SP)    |           |             |          |  Server   |
+------------+           +-------------+          +-----------+
      |                        |                       |
      | <-  request resource --|                       |
      | --  redirect to IDP -->|                       |
      |                        |                       |
      |                        |----- request IDP ---->|
      |                        |<-- Get SAML payload --|
      |                        |                       |
      |<-- send SAML payload --|                       |
      | redirect to resource ->|                       |

Configuration of your platform

Here are the details needed for the implementation on your side:

  • Issuer URL: https://app.talentoday.com/users/<customer-slug>/auth/saml/metadata
  • Callback URL: https://app.talentoday.com/users/<customer-slug>/auth/saml/callback
  • Sign-in URL: https://app.talentoday.com/users/<customer-slug>/auth/saml/

Note: the <customer-slug> is client specific.

Talentoday Configuration

Requirements

  • URL of the SAML metadata of your Identity Provider (IDP)
  • Test user account for end-to-end validation
  • NameID (must have a persistent format)

User attributes

The following attributes should be transferred to Talentoday:

  • last name
  • first name
  • email

If you use a Microsoft service or equivalent, you can use these attributes:

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

Note: The NameID is the unique key (uid) that allows Talentoday to identify the user. This attribute is included by the SAML protocol, so it’s not necessary to add it to the user attributes.