SSO integration guide
⚠️ Access to the SSO configuration requires specific permissions (company manager rights in Javelo).
In order to configure SSO, you need to follow these steps:
Go to "Settings" (⚙️ icon) in the upper right corner of your Javelo account.
Select “SSO” from the navigation menu under the Company section.
Here you have all available SSO integrations, and more specifically, PeopleSpheres:
Find the PeopleSpheres panel and click "Configure" to open the configuration modal:
Configuration of Javelo Service Provider
This section describes how to configure your SAML service provider on Javelo. Please follow the instructions below. You will then be able to get all the information you need to configure the identity provider.
Provider
Javelo generates unique dedicated endpoints for your identity provider integration.
The name you choose will be the base for these endpoints. Please ensure it contains only letters, numbers, underscores or hyphens. Ex:
my-company_1 ✅
@my#organization_ ❌
Communicate the provider name to your support contact at PeopleSpheres.
Options
Force usage
The Force usage parameter will change the behaviour of the authentication process. If chosen, users are directly redirected to the SSO authentication page once the company is selected (through its subdomain or an email).
Use this option only if you are certain that all users are allowed to use your SSO.
Test mode
This option allows setting up the SSO configuration without any impact on the authentication process. Users will not be exposed to SAML V2 authentication, but it is available on a single, specific URL:
https://${SUBDOMAIN}.javelo.io/auth/login?provider=${PROVIDER} (see below to find that information).
You will be able to try your configuration, and make corrections if required.
We recommend using this option for the first configuration of your SSO. Once you have made sure your SSO is correctly configured, you can deactivate the Test mode by deselecting this option.
Allow user creation from SSO
This option enables or disables the creation of new users when they sign in via SSO.
If the user does not already exist, the account is created.
We recommend disabling this option if you are also using a synchronization, in order to avoid creation of unwanted accounts or duplicates with different email addresses linked to the same user.
Important information
The SSO is mono-tenant
An SSO configuration may only be used to authenticate users for the same Javelo organization. If you have many organizations on the Javelo platform, you should have distinct SSO configurations for each.
There is one SSO configuration allowed per organization
For the moment, Javelo does not support more than one SAML V2 SSO configuration per organization.
Troubleshooting FAQ
email not found in request
This error means the attribute configuration is not correct for the email. The “Email” attribute is missing from the SAML assertion request.
name not found in request
This error means the attribute configuration is not correct for the first name. The “Name” attribute is missing from the SAML assertion request.
last_name not found in request
This error means the attribute configuration is not correct for the last name. The “Last name” attribute is missing from the SAML assertion request.
your account has been deactivated
The user has been deactivated on Javelo. Authentication is impossible.
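Added example (not part of the Javelo documentation): a pre-flight check for the three attribute errors above. It decodes a base64 SAMLResponse captured from a Test mode login and reports which attributes are absent. The attribute names email, name and last_name are assumed from the error messages, the sample response is constructed, and signatures are not verified, so this is a diagnostic only.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: attribute names mirror the FAQ error messages; replace them
# with the names shown in your own Javelo configuration modal.
REQUIRED = ("email", "name", "last_name")


def missing_attributes(saml_response_b64, required=REQUIRED):
    """Return the FAQ error strings for attributes absent from the response."""
    xml_bytes = base64.b64decode(saml_response_b64)  # POST binding: plain base64
    # Refuse DTDs: ElementTree is not hardened against entity-expansion input.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_bytes)
    present = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", SAML_NS)]
        # Conservative: an attribute carrying only empty values counts as absent.
        if any(v and v.strip() for v in values):
            present.add(attr.get("Name"))
    return [f"{name} not found in request" for name in required if name not in present]


# Constructed sample: the IdP releases email and last_name, but an empty name.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="last_name">
        <saml:AttributeValue>Martin</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="name">
        <saml:AttributeValue></saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

if __name__ == "__main__":
    print(missing_attributes(SAMPLE_B64))
```

Run it against a response captured while Test mode is enabled, so the attribute mapping on the identity provider can be corrected before regular users are exposed to SSO.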
Lexicon
Identity provider ⇒ The tool or service you use (Keycloak for instance)
Service provider ⇒ SAML V2 Javelo side
Assertion request ⇒ HTTP request from the identity provider to the Javelo service provider, sent after a successful authentication. It contains all attributes of an authenticated user.