Single Sign-On (SSO) integration

This article explains how to configure Pera Skope to work with an Identity Provider (IdP) to enable SSO

Written by Ingrid
Updated over a year ago

Overview

This article covers:

  1. Setting up Azure Active Directory (AD) as an Identity Provider (IdP) for Pera Skope.

  2. Configuring Pera Skope to use AD as the IdP.

  3. Testing

Pera Skope supports SSO via SAML 2.0 [2], an industry standard used to provide single sign-on by authenticating against an Identity Provider (IdP) [3], Azure AD in this case.

Pre-requisites

  1. Admin access to your Azure Active Directory

  2. Access to Pera Skope as an Admin user

1. Setting up Azure Active Directory (AD)

Follow the steps below to complete the setup in Azure AD.

  1. Log in to the Azure portal with an Admin account. Navigate to Azure Active Directory.

  2. Select Enterprise Applications in the left side navigation pane to access the applications in your account.

  3. Click on New Application in the header to add Pera Skope.

    1. Select Create your own application from the top header menu.

      This will pop up a sidebar window to Create your own application.

      Give the application a name e.g. Pera Skope.
      Select the "Integrate any other application you don't find in the gallery (Non-gallery)" option

    2. Click on Create at the bottom to create an application. You will be redirected to the application overview.

  4. Now select Set up Single Sign-On followed by SAML, configure as below:

    1. Edit the Basic SAML Configuration [4] block and enter the following details.

      1. Identifier (Entity ID) [5] - This is the Pera Skope Identifier (Entity ID) URI; you can copy it from the SSO settings panel in Pera Skope as shown in Step-2.1.a

      2. Reply URL (Assertion Consumer Service URL) [6] - This is Pera Skope's ACS URI; you can copy it from the SSO settings panel in Pera Skope as shown in Step-2.1.a

      3. Click "Save"

    2. Attributes & Claims [7]

      1. Add a new Group claim [8] as below,

      2. Save the configurations.

      3. Once saved, go back to the Overview page.

    3. Edit the SAML certificates block to enable signing of response and assertion as below

  5. We require a few details to configure Pera Skope:

    1. Application ID from the Application Overview page,

    2. App Federation Metadata URL [9] from the SAML Certificates block on the Single sign-on page,


  6. Within Azure AD, navigate to the Groups page and create three groups with the names given below. Note: the group names must be PERA_Admin, PERA_Manager, PERA_Recruiter.

    1. PERA_Admin - Admin level access

    2. PERA_Manager - Hiring Manager access

    3. PERA_Recruiter - Recruiters access

  7. Assign the groups created above to the Application via the Users and Groups page

  8. Add your Pera Skope users to the groups you created in the above steps.

  9. On the Properties page select "Yes" for "Assignment required"

2. Configuring SSO in Pera Skope

  1. Log in to Pera Skope as an admin user and navigate to the SSO settings via the left-hand side navigation panel.


  2. Please fill in the details below:

    1. IDP Application ID - Application ID copied from Step-1.5.a

    2. MetaData URL - App Federation Metadata URL copied from Step-1.5.b

    3. SSO Domain - the email domain used for SSO, e.g. example.com

  3. Turn SSO login on via the "Enable SSO for logging in" switch

  4. If you want to turn off other ways of logging in (username and password) and user management (in Pera Skope), turn on "Restrict log in to SSO". Note: please test your SSO login first. If the SSO configuration is wrong, you will not be able to log in.

  5. Click "Save changes".

3. Testing

If the user configuring Azure also has an account in Pera Skope, we can test the SSO directly from Azure.

  1. Click "Test this application" on the SAML based sign-on page to slide over the test panel.

  2. Click "Test sign in"

  3. Verify the sign in works
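
Before turning on "Restrict log in to SSO", the settings from Step 1 can also be checked against a decoded SAML response from the test sign-in. The script below is an added example, not Pera Skope or Microsoft code: it checks structure only (it does not verify signatures cryptographically), the `sp.example.invalid` URLs and the sample response are constructed placeholders, and the groups attribute name is assumed to be the Azure AD default.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumption: default Azure AD claim name for the Group claim.
GROUPS_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
PERA_GROUPS = {"PERA_Admin", "PERA_Manager", "PERA_Recruiter"}

def check_response(xml_text, entity_id, acs_url):
    """List configuration problems in a decoded SAML response (presence checks only)."""
    root = ET.fromstring(xml_text)
    problems = []
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in response"]
    # Direct children only: a signature inside the assertion does not sign the response.
    if root.find("ds:Signature", NS) is None:
        problems.append("response is not signed")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the Reply URL (ACS)")
    audiences = {a.text for a in assertion.iterfind(".//saml:Audience", NS)}
    if entity_id not in audiences:
        problems.append("Audience does not match the Identifier (Entity ID)")
    groups = {v.text for a in assertion.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == GROUPS_ATTR
              for v in a.iterfind("saml:AttributeValue", NS) if v.text}
    if not groups & PERA_GROUPS:
        problems.append("groups claim has no PERA_* group name: %s" % sorted(groups))
    return problems

def sample(sign_assertion=True, group="PERA_Recruiter"):
    # Constructed response with stub Signature elements, for illustration only.
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'Destination="https://sp.example.invalid/acs">' + sig +
        '<saml:Assertion>' + (sig if sign_assertion else '') +
        '<saml:Conditions><saml:AudienceRestriction>'
        '<saml:Audience>https://sp.example.invalid/metadata</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        '<saml:AttributeStatement><saml:Attribute Name="' + GROUPS_ATTR + '">'
        '<saml:AttributeValue>' + group + '</saml:AttributeValue>'
        '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_response(sample(sign_assertion=False), "https://sp.example.invalid/metadata", "https://sp.example.invalid/acs"))
```

A groups claim that contains object IDs instead of names is reported by the last check, which is the symptom of a Group claim that does not emit group names.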


Glossary

  1. Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to independent software systems.

  2. Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorisation data between parties, in particular, between an identity provider (IdP) and a service provider (SP).

  3. Identity Provider (IdP) is a system that creates, maintains, and manages identity information for users and service principals.

  4. Basic SAML Configuration is used to configure Pera Skope in your IdP server.

  5. Identifier (Entity ID) is the Pera Skope metadata URL that can be found under the SSO settings panel inside Pera Skope. This is required for user verification with the IdP server.

  6. Reply URL (Assertion Consumer Service URL) is a unique company URL generated with the account. This is required for the IdP integration.

  7. Attributes & Claims are the user identification values the Pera App requires to identify the user.

  8. Group claim is used for role-based access to the application, which is why we add groups to the attributes. Make sure to check the Emit groups names option.

  9. App Federation Metadata is an XML file with the details of the IdP application needed for integration. This URL is required in Pera Skope for authentication.
