👑 Single Sign On is a Premium feature
What is SSO?
Single Sign-On (SSO) is an authentication method used by companies to centrally manage programs employees access. Using an SSO provider, IT admins can control in one place who can access any services used by the company .
This is ideal for IT admins to onboard new employees, as it provides them with instant access to multiple software services (avoiding the need to register new employees to these systems one by one). Off-boarding of employees is also simplified as you can revoke access from all systems in one place.
Employees benefit as they can access all the programs they need using just one set of credentials.
How does TravelPerk support SSO?
TravelPerk supports SSO using the SAML 2.0 protocol.
When an employee tries to sign in via SAML:
- We will authenticate against your SAML identity provider
- If the employee is already authenticated in your SAML identity provider, they will have instant access to TravelPerk.
- Otherwise, they will need to authenticate first in your SAML identity provider to get access to TravelPerk.
SAML 2.0 is supported by all major 3rd party identity providers like Okta, Google Suite, LastPass, OneLogin, Azure, JumpCloud.
What if the employee has no TravelPerk account yet?
Optionally, we can create automatically the TravelPerk account after the first successful SSO authentication.
In this case:
- We will create a new account for the employee and he will be able to book instantly
- We will create the account automatically
- by default, we will use only default settings (default role, invoice profile and travel policy, no direct approver)
- we can setup our integration to create the user with more custom settings (correct invoice profile, cost centre and manager)
- We will notify the administrators every time a new employee join the TravelPerk account (optionally)
If you decide to not allow the automatic creation of the account after a first successful SSO authentication, the employee will not be able to access to TravelPerk. An administrator will have to manually creates the account in TravelPerk to give access.
What if an employee leave the company?
As soon as you revoke the employee access in your 3rd party identity providers (Okta, Google Suite, LastPass, OneLogin, Azure, ...) the employee will not be able to use TravelPerk anymore.
How can I setup SSO for my company?
You need to have a Premium subscription to setup SSO., contact your account manager to start the process.
We will then come back to you with the setup instructions for your SAML identity provider.
How can employees access TravelPerk via SSO?
As soon as we finish the SSO configuration, your company will have a new dedicated sign in page, such as 'acme.travelperk.com'.
Within this page, employees will have the option to sign in to TravelPerk using SSO.