Once your SSO connection is linked to your identity provider, you have several configuration options available to you.
- Enable SSO: This activates SSO for your TravelPerk account. This will publish the corporate login URL and allow your company to sign in via your identity provider.
- Corporate URL: This is the unique URL for your company to sign in to TravelPerk. You can share this URL with your company.
Besides the above, you also have the option to enable the following features:
When this is on, your users can ONLY sign in via your identity provider, they will NOT be able to sign in using the one-time access code method.
When this setting is off, users can sign in in two ways: via your identity provider or using the one-time access code method.
Admin override for SSO only
When the 'SSO only' setting is on, 'Admin override' allows Admins to sign in via your identity provider AND the one-time access code method.
If 'SSO only' is on but 'Admin override' is off, Admins will ONLY be able to sign in via your identity provider.
We recommend enabling the Admin override whilst configuring the integration. If you get locked out of your TravelPerk account, please contact your account manager.
Allow user creation
If this setting is on, new users that sign in to TravelPerk with their identity provider credentials will have their TravelPerk account automatically created (Just-in-time user provisioning).
When creating the account, we'll use the First Name, Last Name and Email (which will also be the username) from the response.
When this setting is off, a TravelPerk admin user will need to manually create a TravelPerk account beforehand. Otherwise, the new user will receive an error when they try to sign in.
Keep in mind: Even with automatic user creation, you will still need to introduce some user information manually, such as Cost centers and Invoice profiles.
If you want to be informed every time a new user is created from SSO to check their configuration, check the box to "Let company admins know via email when someone creates an account".
Allow user updates
This setting allows TravelPerk account information to be automatically updated to match information shared from the identity provider. It will keep the following fields up-to-date: First Name, Last Name, and Email.
When this setting is off, the employee information will not update.
Customize your company login button
Here you can edit the text of the button shown to your users on the corporate login page.
❓Frequently Asked Questions
What if an employee leaves our company?
Given that the employee isn't a TravelPerk admin and that mandatory SSO is never dropped, as soon as you revoke the employee access in your identity provider (Azure, G Suite, OneLogin, OKTA, ...), the employee will not be able to use TravelPerk.
How can our employees access TravelPerk via SSO?
Your company will have a dedicated login page, for example, as 'acme.travelperk.com', where employees can sign in to TravelPerk using SSO.
How can I delete our SSO configuration?
To delete an SSO configuration, follow these steps:
- Go to Company Settings > Integrations > SSO
- Click on Configure
- Click on Delete integration, then Confirm
This will remove your SSO configuration and the authorization previously provided.