This guide walks you through how to assign single sign on (SSO) for a client and enter their authentication details. This works in the same way as SSO for the payslip portal.
...
What information does RSM need?
- The OpenID Connect Configuration URL
- The Client ID
- The Client Secret
- Optionally, your public key
What authentication methods are supported?
...
Authorization Endpoint If a username is entered on the login screen of a user that has an email with a suffix matching one of the provided suffixes, they will be sent to this address. They will then log in to their company account and be sent back to InPay with a code.
Sharing
...
details with
...
clients and
...
logging
To easily confirm the correct configuration has been entered with a client. Click the Show Plain Details button.
Once a user is returned from the Authorization Endpoint, the request will be logged showing any issues.
FAQ
Unable to get claims. Ask client to add a claim named UserID to return the users email address.
First try checking Validate Issuer. The claims returned are affected by this setting.
User can't login by SSO
If a user is unable to login by SSO once enabled, first:
...
We don’t currently support IdP-Initiated SSO. This is where they would have an address for their SSO provider E.G. inpay.es.rsmuk.com/payslipportal4/?sso=CompanyName