Single Sign-On using Custom SAML

Single Sign-On (SSO) enables users to access multiple applications with one set of login credentials.

JazzHR now supports the ability for users to SSO into JazzHR using our custom SAML framework, allowing companies to use their own identity provider.  To start using single sign-on with JazzHR contact our team or click here to add SSO to your plan.

By enabling SSO into JazzHR through custom SAML, you’ll be able to simplify password management, reduce IT friction, and create a more secure level of organizational access to JazzHR.

Is Okta your identity provider? Learn about our Okta integration. 

To start enabling users to SSO into JazzHR using custom SAML, please add your IT Admin as a Super Administrator in JazzHR and direct them to the steps below: 

Note that configuring SSO via custom SAML in JazzHR requires advanced IT setup. 

Configure SSO with Custom SAML in JazzHR

  1. Log into your JazzHR account.
  2. Click Settings.
  3. Click People.
  4. Click the green + symbol next to Single-Sign-On.
  5. Choose Custom SAML as the Authentication Strategy.
  6. Click Save and Continue.
  7. Provide a unique name for your Custom SAML configuration.
  8. Click Save and Continue.


Each Identity Provider (IDP) may have a different user interface - however, the values should remain consistent.

Once the Custom SAML configuration has been named a modal will pop up. 

  1. Copy and paste these provided values into your Custom SAML configuration within the IDP.
    • JazzHR SSO / ACS URL
    • JazzHR Audience URI / Entity ID
  2. After saving the data within the IDP, your IDP will provide metadata to paste into JazzHR.
  3. Paste the metadata for these corresponding fields into JazzHR. 
    • IDP Single Sign-on URL
    • IDP Issuer / Entity ID
    • IDP / X.509 Certificate
  4. Click Save and Continue. 


When all of the Custom SAML is filled, an option to Download JazzHR Metadata will appear. 


Test Configuration

Before enabling SSO for all users on the JazzHR account, you can test the SSO connection. In JazzHR, click Test Configuration and select Test SSO. You will receive an email with a one-time link to bind your JazzHR login with your IDP.


Enable SSO

After you have tested and confirmed proper configuration, you can enable it for all users on your account. Navigate to Settings and select the People Tab. Click the pencil icon next to your Custom SAML SSO and Enable SSO

All users on the account will receive an email to Login to JazzHR. Once the user account is configured, you will no longer be able to use your JazzHR email and password to manually log in.

Once the user binds Custom SAML with their JazzHR account, they will be able to SSO freely into JazzHR directly from the IDP. Or, by using this link:


Can I opt-users out of SSO? 

Yes. If you have an External Recruiter that is not configured with your IDP, you can remove SSO from their profile. Go to Settings>People> Select User. Click Disable SSO on the User's profile. This will trigger an email for the user to set up a password to login to JazzHR. 

Can we use SSO and traditional email and password to login?

No. Once the Custom SAML is enabled, users will not be able to log into JazzHR using their email and password. You will need to disable SSO from their account.

Can I turn off context validation?

Yes. By default, the SAML integration requires authentication with an email & password. If your configuration uses alternative contexts, you can turn off all context validation by unchecking the "Validate AuthContext" checkbox in the SSO configuration modal.

What happens if I remove SSO from my JazzHR subscription?

If you choose to remove SSO from your JazzHR subscription, you will need to disable the SSO integration from your settings. Go to Settings and select People. Click the trash can icon next to your configured SSO and select Disable SSO. 

All users on your account will receive an email from to reset their password and log in.

If you do not disable SSO within 24 hours of removing the feature from your account, a member of our Customer Success Manager team will reach out!


Does the Web-based solution support federated services or LDAP integration with an on-premises Active Directory? 

Yes! See the article below for more information.

Was this article helpful?
1 out of 2 found this helpful