SAML 2.0 Single Sign-On (SSO)

What Is This Service?

Single Sign-On (SSO) is a solution that allows a user to enter his or her credentials just once to access multiple websites. Single Sign-On can ensure a single login and a single profile view. SSO allows employees and administrators to seamlessly access a variety of systems, such as using a third-party HCM service and accessing the PlanSource enrollment experience without logging into both individually. Single Sign-On makes it easier for you to deliver a unified experience.

What Is Needed?

  • X.509 certificate
  • Employee API-SSO lookup numbers
  • Admin API-SSO lookup numbers
  • Establishing a link into PlanSource

What Are the Benefits?

Saves Time

Users do not have to log in to multiple systems individually.

Prevents Frustration

It's much easier to keep up with one password than several

Streamlines Processes

Allows users to transition from one system to another without additional effort

How It Works

  1. The User authenticates to the Identity Provider using single-factor or multi-factor authentication.
  2. The Identity Provider issues a SAML token to the User with assertions about the User’s identity. On mobile devices and in web browsers, the SAML token is often issued as Base64 embedded within the HTML response.
  3. The User’s browser is redirected from the Identity Provider to the location of the Service Provider. The User’s browser then issues a request to the Service Provider with the SAML token embedded. The Service Provider then inspects the SAML token and its contents to determine validity based on the trust relationship with the Identity Provider. The Service Provider then provides access to the various online banking applications based on the SAML assertion statements included in the token.
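
The Service Provider's inspection in step 3, as an added example that is not PlanSource's code: it decodes the Base64 SAML response and checks the issuer, audience and validity window. The entity IDs, function names and sample response are constructed assumptions. Verifying the XML signature against the Identity Provider's X.509 certificate, which a real Service Provider must do before trusting any of these fields, needs an XML-signature library and is not shown.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed trust settings (placeholders, not real PlanSource values).
TRUSTED_ISSUER = "https://idp.example.com/metadata"
SP_ENTITY_ID = "https://sp.example.com/saml"

def _ts(value):
    # Assumes whole-second UTC timestamps such as 2024-01-01T12:00:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_saml_response(b64_response, now):
    """Return a list of problems; an empty list means these checks passed."""
    try:
        root = ET.fromstring(base64.b64decode(b64_response, validate=True))
    except (ValueError, ET.ParseError):
        return ["not Base64-encoded XML"]
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # extra or missing assertions are rejected outright
        return ["expected exactly one assertion, found %d" % len(assertions)]
    a, problems = assertions[0], []
    if a.findtext("saml:Issuer", "", NS).strip() != TRUSTED_ISSUER:
        problems.append("issuer is not the trusted identity provider")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["missing Conditions element"]
    audiences = [e.text.strip() for e in cond.iterfind(".//saml:Audience", NS) if e.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("assertion is not addressed to this service provider")
    try:
        if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
            problems.append("outside validity window")
    except (TypeError, ValueError):
        problems.append("missing or malformed validity window")
    return problems

def sample_response(issuer=TRUSTED_ISSUER, audience=SP_ENTITY_ID):
    # Constructed, unsigned sample; a real response carries an XML signature.
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:Issuer>%s</saml:Issuer>'
           '<saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">'
           '<saml:AudienceRestriction><saml:Audience>%s</saml:Audience>'
           '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')
    return base64.b64encode((xml % (issuer, audience)).encode()).decode()
```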