The EmpowerID SSO framework allows you to integrate UltiPro with EmpowerID, making EmpowerID enables seamless integration with UltiPro, positioning EmpowerID as the identity provider for your organization's UltiPro account. In this way, users can This integration allows users to access their corporate UltiPro accounts directly from through EmpowerID, using their EmpowerID credentials, their corporate Active Directory (AD) logins, or those of credentials from another trusted ( third-party ) identity provider that has been integrated with EmpowerID.
Note |
---|
As a prerequisite to creating an SSO Connection for UltiPro as a service provider in EmpowerID, you must have an UltiPro account. Additionally, UltiPro uses ADFS2 to federate with third-party applications, therefore you must send UltiPro the certificate you are using in your EmpowerID configuration so they can configure ADFS2 appropriately. |
Create an UltiPro SSO application and connection
On the navbar, expand Apps and Authentication and click Applications.
From the Actions pane, click the Create Application action.
This opens the Application Details form, which contains various tabs and fields for creating the application.
Macrosuite divider macro | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Name – Enter a name for the application
Display Name – Enter a display name for the application
Description – Enter a description for the application
Instructions – Optional
Full URL (Exact Match Path) – Leave empty
Create a Tracking Only Account Store – Leave unselected (Although you have the option to create a tracking-only account store for UltiPro, the best practice is to connect EmpowerID to UltiPro so you can inventory and synchronize the user data in your UltiPro account with EmpowerID. This lets you create new UltiPro accounts in EmpowerID and have them appear in UltiPro and vice-versa.)
Select Existing Account Store (Directory) – Search for and select your UltiPro account store
Select a Location – Click the link and then search for and select an EmpowerID location in which to create the application
Publish in IT Shop – Select this option if you want eligible users to be able to request an account in the application from the IT Shop
Allow Claim Account – Select this option to let users claim application
Login is Email Address (Receive OTP to Claim) – Select this option if the login for the application is an email address. This setting is necessary for passing the appropriate identity assertion to the application when logging in to it from EmpowerID.
Allow Request Account – Select this option to let users to request or claim an account in the application from the IT Shop
Make Me the Owner – Select this option if you want to be the application owner
Icon – Enter ~ Images/AppLogos/UltiPro.png to use the UltiPro image provided by EmpowerID. This image appears in the Personal Applications page of the EmpowerID Web application for users with access to UltiPro.
Macrosuite divider macro | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Select SAML as the Single Sign-On Connection Type.
Select Create a New SAML Connection.
Macrosuite divider macro | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Display Name – Enter the name for the UltiPro SSO connection that you want to appear to users in the EmpowerID user interfaces. By default EmpowerID populates the value of this field with the name you gave to the application above.
SAML Name Identifier Format – Value should be Unspecified
Issuer – Value should be EmpowerID
Initiating URL – Enter /WebIdPForms/Generic/AuthenticationRequest
Tile Image URL – Leave the value as is
Description – Enter a description for the SAML connection
Macrosuite divider macro | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Click the Add button and fill in the following:
Assertion Consumer URL – Enter https://efs.ultipro.com/adfs/ls/
Priority – Optionally, enter a number to indicate the priority for the URL when more than one ACS URL is specified (the lower the number the higher the priority)
SAML Submission Method – Select HTTPPost
Click Save.
Macrosuite divider macro | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Select Enable Assertion Signature.
Signing Certificate – Search for and select the appropriate certificate to sign the SAML assertions sent to UltiPro.
Easy html macro | ||||
---|---|---|---|---|
| ||||
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|