Integrating an Authentication Provider in Personio

This article explains how to integrate an existing authentication system into Personio so that you and your employees are able to log into Personio at any time without needing to remember yet another login and password. 

 

1. Google Single-Sign-On (SSO)

 

Activate Google SSO with a single click in Settings > Authentication > Google Auth.

Google_Auth.png

All employees whose Google-based email addresses are stored in their employee profiles in Personio can log in via Google authentication.

When your employees launch Personio, they see the following view, which allows them to log into Personio by simply clicking on Login with Google.

Google_sign-in_activated.png

Please note that it is best to activate Google SSO only after your account has been fully implemented, as your employees will be able to log into Personio from the time SSO is activated. Access to their accounts is then controlled via Google.

 

2. OAuth 2.0 

 

Personio supports login via the OAuth 2.0 protocol, which provides for secure, standardized management of access to applications. Please work with an IT administrator to implement this type of authentication.

Create the login via OAuth 2.0 directly in Personio by clicking on Settings > Authentication > OAuth 2.0. You will need the following data for authentication:

Configuration_OAuth.png

Once you have entered all data into the corresponding input fields and have saved your settings, you need to configure your redirection to the callback URI for your account. You’ll find this under Settings > Authentication > OAuth 2.0 > Provider settings.

OAuth_Provider_Settings.png

Click on Perform a configuration test to verify that authentication has been set up successfully.

Test_configuration2.png

Login via OAuth is initially optional, meaning that your employees can choose whether they wish to log into Personio using their Personio access data or via OAuth. If you want to make login via OAuth mandatory for all employees, activate this setting by clicking on the relevant button in Enforcement.

Enforcement.png

 

3. LDAP/Active Directory via OAuth2

 

If you wish to integrate your Active Directory, you need to implement this option via an identity provider, which acts as an OAuth interface between your Active Directory and Personio.

The WSO2 Identity Server is a good choice of tool for identity and access management. It can be downloaded free of charge here: http://wso2.com/products/identity-server/.

If you are already using one of the following providers, you can also implement your OAuth integration through these:

Again, please work with an IT administrator to implement this type of authentication.

 

Can't find what you're looking for?

We are happy to help you! Just write us a message with your questions and we will get back to you as soon as possible.

Submit a request

Comments

0 comments

Article is closed for comments.

    Topics of this article