Set Up Single Sign-On (SSO) with Folks ATS

Single Sign-On (SSO) allows Folks ATS users to log in to the platform using their existing work credentials, making access simpler while increasing security.

Enable the Feature in Folks ATS

1. In the left menu, select Parameters > Module Configuration.

2. Click the Single Sign-On (SSO) button and click Enable.

3. Fill in the following fields:

   • Company code: you can choose any code as long as it is not already taken.

   • Authentication provider: Google Workspace or Microsoft.

Configuration with Microsoft

1. Log in to the Azure portal.

2. Go to Enterprise Applications.

3. Click New application, then Create your own application.

4. Name your application Folks ATS and click Create.

5. Once the application is added, set up Single Sign-On by selecting the SAML method, then click Edit.
   👉 For more information, see the SAML configuration for Microsoft Azure documentation.

6. In the first section (Basic SAML Configuration), fill in the following fields:

   • Identifier (Entity ID):
     https://folksats.app/authorization/sp/[company code]

   • Reply URL (Assertion Consumer Service):
     https://folksats.app/authorization/sso/respond/[company code]
     (Replace [company code] with the name previously defined in Folks ATS under Parameters > Module Configuration, Single Sign-On SSO button).

7. Click Save.

8. In the third section (SAML Certificates), download the federation metadata XML file.

9. Go back to Folks ATS, upload the XML file in the designated spot (identity provider), then click Finish.

Configuration with Google

1. Go to the Google Admin portal.

2. Select Apps.

3. Click Web and mobile apps, then Add App > Add custom SAML app.

4. Name your application Folks ATS, add an icon if desired, then click Continue.

5. On the Google IdP Information screen, click Next.

6. On the Service Provider Details screen, enter the following information, then click Next:

   • ACS URL:
     https://folksats.app/authorization/sso/respond/[company code]

   • Entity ID:
     https://folksats.app/authorization/sso/respond/[company code]
     (The company code is the one defined in Folks under Parameters > Module Configuration, Single Sign-On SSO button).

7. On the Attribute Mapping screen, click Add New Mapping and map the primary email address to the email field.

8. Make sure the Service Status button is enabled.

9. Download the federation metadata XML file.

10. Go back to Folks ATS, upload the XML file in the designated spot (identity provider), then click Finish.

User Login

When a user goes to the Folks ATS login page, they will see a new button allowing them to log in via Single Sign-On. They will need to enter the company code you provided to them to complete the login.

Require SSO Login 

To increase security, you can require SSO for all users:

• Simply enable the Require SSO login for all users button.

⚠️When this option is enabled, the standard login (manual entry of email address and password) is no longer available. Therefore, it is important to make sure that all your users have a work email address linked to Microsoft or Google.