- Sign in to the Zoho One Admin Panel.
Go to Marketplace, then use the search bar to find and install PurelyHR.
- Name your app and enter your Domain Name.
Note: Your Domain Name is the first part of your PurelyHR URL. If your URL is "zylker.purelyhr.com", your Domain Name will be "zylker".
- If you want to test the SAML configuration before allowing users to access PurelyHR, uncheck Display app to users.
- Click Add.
- Click Manage Application, then Single Sign-On.
- Click Service Provider Details to check and verify the SP details.
- Under Attribute Mapping, enter the following details:
- Enter "Firstname" under Attribute Name, then select First Name under Attribute Value.
- Click , enter "Lastname" under Attribute Name, then select Last Name under Attribute Value.
Click
, enter "Email" under
Attribute Name, then select
Primary Email Address under
Attribute Value.
- Click Save.
Click Identity Provider Details, then make a note of the Issuer, the Sign-in URL, the Sign-out URL, and the X.509 Certificate.
- Sign in to your PurelyHR account.
- Click , then click SSO SETTINGS.
- Select Generic SAML under Connector.
- Enter the IdP X.509 Certificate in the X.509 Certificate field, the IdP Issuer in the IdP Issuer Url field, the IdP Sign-in URL in the IdP Endpoint Url field, and the IdP Sign-out URL in the Logout Url field.
- Click Save Changes.
Just-in-time provisioning
Just-in-time (JIT) provisioning creates a PurelyHR account for users during their first SSO attempt, so you don't have to do it manually for each user.
To enable JIT provisioning:
- Sign in to your PurelyHR account.
- Click , then click SSO SETTINGS.
- Check Auto-Create Users.
- Click Save Changes.
Test the SAML connection
- Return to the Zoho One Admin Panel.
- Go to Applications, then click PurelyHR.
- Click Assign Users, choose yourself from the list, then click Assign.
- Click . If everything is working, you should be automatically signed in and taken to PurelyHR's homepage.
Enforce SAML SSO
After successfully testing SSO, you can enforce it for all users. Once this is done, your users will no longer be able to sign in using their PurelyHR credentials. To restrict users to SSO:
- Sign in to your PurelyHR account.
- Click , then click SSO SETTINGS.
- Check Force SSO.
- Click Save Changes.
Make app visible to all users
After successfully testing the SSO, you can make PurelyHR available for all users to access from their My Apps pages.
To make PurelyHR visible to all users:
- Sign in to the Zoho One Admin Panel.
- Go to Applications, then click PurelyHR.
- Click Edit, check Display app to users, then click Update.
- You can now access PurelyHR from Zoho One's My Apps page.