Single Sign On
Supported Types of SSO
Identity Provider (IdP) IdP is the Employer's source of truth system for identifying the employees and storing the employee information. That system is then used to allow the employees to connect to Service Providers (such as Stream), enabling the employee to sign in seamlessly, with the use of a single password across all the services used by the employer.
Service Provider (SP) Service Providers allow authenticated users to connect to the services that they provide. In this case, an employee would be able to access and use Stream after being authenticated through the integration that Stream as an SP has with the Employer's IdP.
Logging using SSO
Stream supports SP & IDP initiated Single Sign On through SAML requests.
Stream integrates with all of your common workforce messaging tools such as Blink, alongside traditional applications like Microsoft Active Directory and Google Workspace.
Configuring IdP Initiated SAML
When configuring the application within your IdP (e.g., Azure AD or Google Workspace) you will need to insert the following information
Entity ID https://wagestream.com
ACS URL's
- Production: https://api.wagestream.xyz/api/v1/saml/standard
- Staging: https://api.staging.wagestream.xyz/api/v1/saml/standard
Once the application has been configured, please provide us with the below
- IdP Metadata URL
- Copy x509 Certificate
- Two test users for Stream to test with, make sure the users have access to the application within the product that acts as your IdP
- SAML assertions: you'll need to include the user-id that aligns with the employee-id provided to us as part of the employee data exchange
- Unique identifier for the organisation, the "org-id", which Stream will need to configure in their back-end
Configuring SP Initiated SSO
When SP Initiated SSO is required, your Stream contact will talk your teams through the appropriate steps during a set-up call.
Updated 5 days ago