Step 1: Prerequisites

Access to OrangeHRM: You should have administrative access to your OrangeHRM instance.

SAML Identity Provider: Choose a SAML 2.0 compliant Identity Provider. Popular options include Okta, Azure, or any other SAML-compliant system.

Step 2: Configure Identity Provider (IdP)

1. Create a New SAML Application:

• Log in to your IdP's admin console.
• Create a new SAML application.
• Provide the parameters below to the client
  • Entity ID (Issuer)
  • Assertion Consumer Service (ACS) URL
  • Single Logout (SLO) URL (optional)

Configure SAML Attributes:

• Define the necessary SAML attributes, such as NameID and user attributes like email or username.

Download IdP Metadata:

• Download the IdP metadata file provided by your IdP. This file typically contains important configuration details.

Step 3: Configure OrangeHRM

1. Access OrangeHRM:

• Log in to your OrangeHRM instance as a system administrator.

2. Go to HR Administration -> Configuration -> Authentication -> SAML

   

    

3. Click on the Add button and, from the dropdown, select External IdP

4. Enable SAML:

   Enable the SAML authentication option.

5. Upload IdP Metadata:

If your IdP provided a metadata file, upload it to the OrangeHRM SAML settings.

5. Map SAML Attributes:

Map OrangeHRM fields to the corresponding attributes from your IdP (e.g., map email, username).

6. Save and Test

Save the SAML settings.

Test the configuration by attempting to log in with a user account associated with the IdP.

Note - If you do not have access to system configurations, please reach out to goldsupport@orangehrm.com for assistance.

Step 5: Troubleshooting

1. Logs:
   • Check logs in OrangeHRM and your IdP for any error messages.
2. Attribute Mismatch:
   • Confirm that the SAML attributes are correctly mapped between OrangeHRM and the IdP.
3. URLs:
   • Double-check that all URLs (ACS, SSO, SLO) are accurate and accessible.
4. Metadata:
   • Ensure that the metadata exchanged between OrangeHRM and the IdP is correct.