2. Click on SAML
3. Fill in the following information:
IdP SSO target URL: This is the ADFS URL that will process the SAML payload from Bonusly. E.g. https://adfs.yourcompany.com/adfs/ls/
IdP Issuer: ADFS Issuer URL, e.g http://adfs.yourcompany.com/adfs/services/trust
IdP Cert X509 OR Fingerprint: Copy over the X509 Cert or Fingerprint from ADFS.
Save the integration
4. Set up Relying Party in ADFS:
Endpoint Tab
Advanced Tab
Identifiers Tab
Relying party identifier should be your SP issuer within Bonusly as found on your Integrations > SAML page.
5. Set up Claim Rules in ADFS:
Claim rules should be ordered so that the "Get email" rule comes before the "Email to NameID" rule.
Get email rule
Email/nameID Transform
6. Testing Single Sign On
Once you've configured SSO, you can test it as followed:
IdP-initiated SSO:
Log out of Bonusly
Log in to your IdP (e.g. Okta, OneLogin, etc)
Click on the Bonusly app in your app panel
SP-initiated SSO:
Log out of Bonusly
Visit the URL https://bonus.ly/saml/APP_ID/index (where APP_ID is the "App Id" provided on the SSO configuration page in Bonusly)
Restricting Login Methods
Once you have tested SSO and verified that it is working, you can restrict sign on methods for your Bonusly account to require that users authenticate via SSO. This is more secure and makes it so that your employees don’t need to remember passwords for Bonusly.
To restrict to SAML SSO only:
Go to Company Settings.
Click “Show advanced settings”.
Check “Restrict to Single Sign On”.
Save Settings
Still need help signing up? Shoot us a message at [email protected] and we'll get you squared away!