Configuring SAML SSO at the Client Level

Steps on how to configure SSO at the client level as a client administrator.

This guide will detail the steps necessary for setting up the SSO for a client in PlanSource.

Overview

PlanSource currently offers Single Sign-On using SAML 2.0 authentication only. Support for OAuth 2.0 SSO will be coming soon. If you would like to know more about what SAML SSO is, please view our description page here:

SAML 2.0 Single Sign-On (SSO)

The following steps below will go over how to configure SAML 2.0 on your client in PlanSource.

1. Login to PlanSource

Access your PlanSource client administrator account via the link:

PlanSource Benefits Admin Site

Login using the username and password provided to you by your PlanSource Project Manager.

600

2. Access Single Sign-On

  1. Navigate to the System tab within your client administrator page
  2. Click on Single Sign-On via the sidebar.
  3. Click on [Start Configuration].

📘

Start Configuration

Note: Start Configuration may not appear and you may see SSO configuration options. Please continue with the next steps.

3. Configure SAML Single Sign-On

  1. Set the SSO Type to: SAML.
  2. Copy the SAML Relay State as this will be need to be configured on the source system as part of the assertion.
  3. Copy the x.509 Certificate from the source system and paste into the provided box.

📘

x.509 Certificate

Note: Do not paste the header/footer part of the certificate that has:
-----BEGIN CERTIFICATE----- or -----END CERTIFICATE-----

Only copy the contents inbetween the certificate header/footer.

  1. The Logout URL should be the URL for the source system.
  2. Admin/Subscriber SSO:
    5a. Not Enabled: Prevents SSO access for administrator or subscribers.
    5b. SSO Only: Allows access to PlanSource via SSO only! Disables Direct Access w/ username/password.
    5c. SSO & Direct Access: Allows access to PlanSource via SSO or Direct Access.
  3. Click on Save.

Congratulations, you have now configured SAML SSO on the client in PlanSource. If there are any issues, first recommendation is to recopy and paste the x.509 certificate to ensure it is correct. If issues still occur, please reach out to your PlanSource point of contact.

4. Configuring an Employee or Administrator SSO in PlanSource

To learn more about setting up employees for SSO access in PlanSource, click here!

To learn more about setting up administrators for SSO access in PlanSource, click [here]
(https://developer.plansource.com/docs/configuring-admin-sso-1)!