Altamira HRM supports single sign on so that your users can access the service using a single username and password. The identity of the user is etablished by a central direcvtory or authentication service allowing IT administrators to centralize the management of users and authentication policies. Using single sign on, IT administrators can disable a user and be assured that the user will not be able to access any of the services in the organization. Password poilicies, multi factor authentication and many other aspects of authenticaytion are managed centrally ensuring compliance with the organizations security and privacy policies.
Altamira HRM supports single sign on using the SAML 2.0 standard. The Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization identities between security domains. Many providers support SAML 2.0 including Microsoft 365, on premise Windows Servers, Google for Business and many others.
In SAML terminology, Altamira HRM is a Service Provider (SP) and your authentication service is an Identity Provider (IdP). You must configure both the Altamira HRM and the Identity Provider for SAML based single sign on to work.
Overall the process is as follows:
- claim you domain name on Altamira HRM
- configure the application at the IdP
- download metadata from the IdP
- upload IdP metadata to Altamira
- download Altamira metadata from Altamira
- upload Altamira metadata at the IdP
- configure claim mapping at the IdP and on Altamira
This is a rough outline and there are variations depending on the IdP you will be using. Altamira HRM has been tested and had documentation for configuriong SSO with Microsoft 365, on premise Windows Servers and Google for Business. You can use any SAML 2.0 IdP but you will have to manage the configuration on the IdP provider independently.
Also, please note that configuration is usually accomplished by exchanging XML metadata files between the SP and the IdP that contain the correct configuration parameters and make configuating SSO using SAML very simple. You can of course configure SAML manually but this is only recommended if you have a thorough understainding of the SAML specification.