Enable secure, centralized login for all Empuls users
Single sign-on (SSO) allows employees to log in to Empuls using their OneLogin organizational credentials. It enhances security, simplifies access, and enables admins to centrally manage user provisioning and deprovisioning through OneLogin.
How SAML Works
SAML (Security Assertion Markup Language) is an open standard that allows identity providers (like OneLogin) to authenticate users and pass a verified identity to a service provider (Empuls).
It does this using a digitally signed XML assertion that confirms who the user is.
Once configured, authentication works like this:
User enters their email on the Empuls login page and clicks Proceed.
They are redirected to the OneLogin login page.
OneLogin authenticates the user.
The user is redirected back to Empuls with a secure SAML response.
Access to Empuls is granted.
How to Set Up OneLogin SSO for Empuls
A. Create a SAML 2.0 Application in OneLogin
Sign in to your OneLogin Admin Portal.
Go to Applications → Add App.
Search for “SAML Test Connector (Advanced)” and select it.
Click Save to create the application.
B. Configure SAML Settings in OneLogin
Navigate to Applications → [Your App] → Configuration.
Fill in the following details from your Empuls account: Service Provider Details (from Empuls)
Copy the values from:
Admin Dashboard → Reports & Admin → Integrations → SAML 2.0 SSO
You will need:
ACS (Assertion Consumer Service) URL
Entity ID / Audience URI
Default Relay State (optional)
SP Metadata XML (optional upload)
You can download empuls-sp-metadata.xml from Empuls and upload it directly into OneLogin for auto-mapping.
Save the configuration.
C: Set NameID Format + Attribute Mapping
Empuls validates users through Email ID or Employee ID.
In OneLogin:
NameID Format
Set to:
Email (recommended)
OR
Unspecified using Employee IDClick Save.
D. Download OneLogin IdP Metadata
Go to Applications → [Your App] → SSO.
Click Download Metadata.
You will receive an XML file (onelogin-metadata.xml).
E. Upload Metadata into Empuls
Log in to Empuls.
Navigate to:
Reports & Admin → Integrations → SAML SSOUpload the IdP Metadata XML file downloaded from OneLogin.
Save your changes.
F. Test the SSO Connection
Click Test Connection in Empuls.
Note: Your browser may block pop-ups. Enable pop-ups to continue testing.
If successful, Empuls will confirm that SSO is active.
User Login Flow After Enabling SSO
Once SSO is enforced:
User enters email on Empuls login page.
Automatically redirected to OneLogin.
Authenticates with organizational credentials.
Redirected back to Empuls with access granted.
Data Flow Architecture
Empuls acts as the Service Provider (SP).
OneLogin acts as the Identity Provider (IdP).
Authentication response (SAML assertion) passes identity securely.
No passwords are stored on Empuls.
FAQs
Do I need to enforce SSO for all users?
Do I need to enforce SSO for all users?
No. You can choose to make SSO optional or mandatory.
What user identifier does Empuls require?
What user identifier does Empuls require?
Either Email ID or Employee ID must be passed in the NameID.
Can we use OneLogin groups or SCIM provisioning?
Can we use OneLogin groups or SCIM provisioning?
Empuls currently supports SAML authentication; SCIM can be configured separately (if applicable for your plan).
What is the Empuls Application URL?
What is the Empuls Application URL?
https://{{tenant_url}}/home/integrations/saml_sso
Please reach to [email protected] for any feedback or questions