How do I setup Single Sign-On through an IdP service?

Prerequisites:

• Be an Ambition Admin
• Have an active, publicly accessible, SAML 2.0-enabled Identity Provider (IdP) service

Benefits:

• Users authenticate into Ambition using company-managed credentials
• Users already signed into company network will automatically be signed into Ambition
• Ambition access will automatically be revoked once employees are removed from company-defined HRMS system

Identity Provider Setup

Configuring the Identity Provider (IdP)

See the reference below for configuring your IdP to work with Ambition, the new service provider (SP)

Start URL: https://SUBDOMAIN.ambition.com/account-management/login/
Entity Id: https://SUBDOMAIN.ambition.com/account-management/login/
ACS URL: https://SUBDOMAIN.ambition.com/account-management/login/
Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Replace SUBDOMAIN in the URLs above with your Ambition-assigned subdomain

Ambition Setup

1. Open the left navigation and click Administration > People > Users > Single Sign-On.
2. Click the Single Sign-On tab, then click Enable Single Sign-On.

4. Complete the form, click Save.

IdP Metadata URL: The publicly accessible URL where your IdP's metadata is hosted
First Name SAML Attribute: The corresponding attribute name in your SAML response
Last Name SAML Attribute: The corresponding attribute name in your SAML response

Automatically Create Ambition Users: When enabled Ambition will automatically create an account for a new user and sign them into the system. When disabled you must manually create accounts for desired users, otherwise they will be denied Ambition access upon initial login.