Who this guide is for: IT and System Administrators
Overview:
Single Sign-On (SSO) lets users log in once via a central identity provider (IdP) and access multiple applications without re-entering credentials. edays supports SSO integrations with popular IdPs (e.g. Microsoft Entra ID, ADFS, Okta, and more), providing seamless access while centralising authentication.
What is SSO?
SSO is an authentication method where users authenticate with a single set of credentials at an identity provider. Once logged in, they gain access to any connected application without further sign-in prompts. Benefits include:
- Improved user experience (one click to access multiple services)
- Centralised access control and auditing
- Streamlined user provisioning
How edays Supports SSO
edays can connect to any SAML 2.0-compliant IdP. When configured, users click your organisation’s login portal and are routed through the IdP’s authentication flow. edays does not itself enforce MFA/2FA; instead, any multi-factor policies must be enforced at the IdP level.
New SSO Configuration
To set up SSO for the first time if you are an existing client:
- Contact the Customer Success team (customersuccess@e-days.com) for initial requirements.
- The Support team will provision your SSO configuration on the edays side and provide you with:
- Assertion Consumer Service (ACS) URL
- edays Entity ID
- Work with your IdP to configure a new SAML application using the ACS URL and Entity ID.
- Provide the Support team with your IdP’s metadata XML (or metadata URL).
- Once Support team have confirmed that the above has been configured, ensure that users have the intended SSO ID (via User import/export tool)
- Confirm that users can successfully SSO into edays.
Changing SSO Providers
If you already use SSO with edays but need to switch your IdP (e.g. from ADFS to Entra ID):
- Submit a request to edays Support for your system's ACS URL and Entity ID.
- In your new IdP, configure edays as a SAML application using the provided values.
- Export your new IdP’s metadata XML plus the public certificate in Base64 “.cer” format.
- Send both to edays Support to complete the switchover.
- Verify SSO login with pilot users before broad rollout.
Expired/expiring SSO Certificate
If your SAML certificate expires, users will be unable to authenticate. To renew:
- Generate a new certificate from your IdP.
- Send the new Base64 “.cer” certificate file to edays Support.
- edays will update the certificate on our end - it is recommended to communicate an appropriate date and time for the switch in advance.