- OrgChart Overview
- Quick Start Guides
- Top Toolbar
- Viewer
- Directory
- Planning
- Workbench
- View Manager
- Chart Settings
- Account Settings
- Connectors
- Append Data Connectors
- Merge Data Connectors
- Active Directory
- ADP
- ADP Recruitment
- Append Table
- Azure AD
- BambooHR
- Breathe HR
- ClearCompany
- Cornerstone
- CSV
- Dayforce
- Excel
- Greenhouse
- iCIMS
- Jobvite
- Lever
- Namely
- Oracle
- OrangeHRM
- Paychex
- Paycom
- Paycor
- Paylocity
- PaySpace
- PeopleHR
- Sage
- Salesforce
- SFTP Pull
- Signify
- Subscribe HR
- SuccessFactors
- TriNet
- UKG
- UKG Pro
- Unicorn HRO
- Workday
- Append Data Connectors
- Topics
- Admin User Impersonations
- Automatically Export to SharePoint
- Auto-Assignment Example
- Auxiliary Reporting
- Co-Head Example
- Creating a Master Chart
- Creating a Master Page
- Creating Shortcuts
- Flat File Prep
- Formulas
- Functional Charts
- Import Filters
- Index Page
- Inverted Charts
- Level Charts
- Multi-Chart Documents
- Pie Chart Example
- Point-in-Time Charts
- Restricted Link Setup
- Security Profiles
- SSO Configuration
- Working with Photos
- Release Notes
- Troubleshooting
- Legal
- Contact Us
SSO Configuration
Audience
Audience: Administrators Edition: Enterprise
Overview
Single-Sign-On (SS0) applications enable users to access all of their enterprise systems in one place. OrgChart supports SAML 2.0 Single Sign-On, which makes it compatible with most Identity Management Systems.
Administrators can integrate OrgChart Now with their Identity Management System directly in the OrgChart application.
OrgChart Metadata
OrgChart metadata differs depending on your server.
To find the OrgChart metadata relative to your server, enter the following into your URL search bar:
https://{SERVER NAME}.orgchartnow.com/saml/sso_metadata
For example, if your OrgChart account is hosted on https://unicorn2.orgchartnow.com, unicorn2 is the name of your server.
To find the unicorn2 metadata, enter http://unicorn2.orgchartnow.com/saml/sso_metadata into your URL search bar.
IDP SAML Configuration
Within your IDP, please ensure that the following SAML configuration options are populated correctly:
Single Sign on URL: https://{SERVER NAME}.orgchartnow.com/saml/sso acs?entityID=YOURENTITYID
Recipient URL: https://{SERVER NAME}.orgchartnow.com/saml/sso_acs
Destination URL: https://{SERVER NAME}.orgchartnow.com/saml/sso_acs
Audience Restriction: https://{SERVER NAME}.orgchartnow.com/saml/sso_metadata
Name ID Format: Email Address
Configuring SSO
Log in to OrgChart.
Select More > Account Settings, and then click on the Authorization option from the Settings dropdown menu.
Click on the
icon (to the right of the SSO Configuration heading). The SSO Configuration panel is displayed.
Enter the SSO Entity ID associated with your IDP (Identity Provider).
Select the metadata type in the Metadata Type dropdown menu. Metadata types include:
Remote - Metadata can be accessed using a URL.
Local - Metadata is not publicly accessible.
Enter the URL associated with your Remote metadata, or drag and drop your Local metadata into the SSO Configuration panel to upload it to OrgChart.
Check the SSO Enabled checkbox to enable users to sign in to OrgChart through the IDP.
Optionally, check the Auto Provision checkbox to create new users in OrgChart (if they do not already exist) when first accessing the application from the IDP.
Optionally, check the Single Logout checkbox to enable SLO. When SLO is enabled, users who sign out of OrgChart will automatically be signed out of their IDP.
Click Save.
SAML Attributes Handling
OrgChart Now can pull the security groups from your IDP, and map them to the appropriate Access Group created in OrgChart.
When SAML Attributes Handling is configured, OrgChart will always respect the security group assigned to a user in the IDP. So, if permissions are adjusted in your IDP, they will also be adjusted accordingly in OrgChart.
Follow these steps to configure SAML Attributes Handling:
Log in to OrgChart.
Select More > Account Settings, and then click on the Authorization option from the Settings dropdown menu.
Click on the
icon (to the right of the SSO Configuration heading). The SSO Configuration panel is displayed.Scroll down in the SSO Configuration panel, until you reach the SAML Attributes Handling section.
Enter the SAML attribute group in the SAML Group Attribute text box.
Click on the
icon to the right of the SAML Attributes Handling header.Enter the SAML attributes for the IDP group you want to map to an OrgChart Access Group in the IDP Security Group text box.
Click on the Application Security Group dropdown menu, and then select the OrgChart Access Group that corresponds to the associated IDP Security Group.
Click Save.
Verifying Your SSO Configuration
You can test your SSO configuration by copying and pasting the following URL into your web browser:
https://na2.orgchartnow.com/saml/sso_acs?entityID=YOURENTITYID
Note
YOURENTITYID is equal to the Entity ID in your company's metadata.