Single Sign On

Supported Types of SSO

Identity Provider (IdP)
IdP is the Employer's source of truth system for identifying the employees and storing the employee information. That system is then used to allow the employees to connect to Service Providers (such as Wagestream), enabling the employee to sign in seamlessly, with the use of a single password across all the services used by the employer.

Service Provider (SP)
Service Providers allow authenticated users to connect to the services that they provide. In this case, an employee would be able to access and use Wagestream after being authenticated through the integration that Wagestream as an SP has with the Employer's IdP.

Logging into Wagestream using SSO

Wagestream supports SP & IDP initiated Single Sign On through SAML requests.

Wagestream integrates with all of your common workforce messaging tools such as Yapster and Blink alongside traditional applications like Microsoft Active Directory and Google Workspace.

Configuring IdP Initiated SAML

When configuring the Wagestream application within your IdP (e.g., Azure AD or Google Workspace) you will need to insert the following information

Entity ID
https://wagestream.com

ACS URL's

• Production: https://api.wagestream.xyz/api/v1/saml/standard
• Staging: https://api.staging.wagestream.xyz/api/v1/saml/standard

Once the Wagestream application has been configured, please provide us with the below

• IdP Metadata URL
• Copy x509 Certificate
• Two test users for Wagestream to test with, make sure the users have access to the Wagestream application within the product that acts as your IdP
• SAML assertions: you'll need to include the user-id that aligns with the employee-id provided to us as part of the employee data exchange
• Unique identifier for the organisation, the "org-id", which Wagestream will need to configure in their back-end

Configuring SP Initiated SSO

When SP Initiated SSO is required, Wagestream will talk your teams through the appropriate steps during a set-up call.