Configuring Employee SSO in PlanSource

Steps on how to configure employees for SSO at the client level as a client administrator.

This guide will detail the steps necessary for setting up employees for SSO for a client in PlanSource.

Overview

This guide assumes that SSO between the Source system and PlanSource has already been developed and tested. The following steps will detail what is needed to make an employee SSO eligible in the PlanSource system.

1. Login to PlanSource

Access your PlanSource client administrator account via the link:

PlanSource Benefits Admin Site

Login using the username and password provided to you by your PlanSource Project Manager.

2. PlanSource API-SSO Code

PlanSource utilizes a field called the PlanSource API-SSO code (subscriber_code) to store the unique identifier used by the source system. This code is how PlanSource can tie an employee accessing PlanSource via SSO to the correct profile in PlanSource.

By default, the API-SSO code is disabled from being modified by an administrator or the employee themselves. The PlanSource system uses a Data Field Security system to manage access to the various fields within PlanSource.

3. Enabling the PlanSource API-SSO Code

  1. Access the Configure tab
  2. Ensure you are in the correct Plan Year before making any changes.
  3. Click on Data Field Security
  4. Click on the correct Field Security Role (also known as FAR - Field Access Role). Usually Update All when using the Sandbox account.
    4a. Update All - Controls fields when editing an employee directly in PlanSource
    4b. Read Only - Controls section of the system where data is displayed for read only.
    4c. Subscriber - Controls what fields an employee/subscriber can see/update when going through the enrollment experience.
    4d. Import - Controls what fields are accessible via the PlanSource spreadsheet Import feature found in the data tab.
    4e. Batch Import - Controls what fields are accessible via the PlanSource batch import process.
  5. Clicking on Update All opens a configuration screen containing all the available fields that can be modified via this security role.
  6. Find the API-SSO Lookup Code under field name.
  7. Check the boxes next to this field for View, Update, and Insert.
  8. Click on Save.

4. Updating the Employee API-SSO Code

  1. Navigate to the Employees tab.
  2. If you know the employee you want to find enter their details into the search fields otherwise you can click search directly to pull up all employees.
  3. Click on Edit Employee.
  4. Set the API-SSO Lookup Code to what you will be passing as the empID when making the SAML 2.0 assertion.
  5. Click on Save.

5. Testing the SSO Connection

If the above steps were done correctly, you should now be able to access the source system as the user that was just setup in PlanSource. Access the SSO link that has been developed in the source system and the user should be redirected to the PlanSource Enrollment page.