Configuring SAML SSO for CakeHR

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and CakeHR.

Login to ADSelfService Plus as an administrator.
Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select CakeHR from the applications displayed.
Note: You can also find CakeHR application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
Click IdP details in the top-right corner of the screen.
In the pop-up that appears, copy the Login URL and SHA1 Fingerprint Download Certificate.

Login to CakeHR account with administrator’s credentials.
Navigate to Profile → Settings → Integration → SAML SSO
Enter the Entity ID (cake.hr)
Paste the Login URL, copied in Step 4 of Prerequisite, in Authentication field.
Paste the fingerprint, copied in Step 4 of Prerequisite, in the Fingerprint field.
Click Save..

Now, switch to ADSelfService Plus’ CakeHR configuration page.
Enter the Application Name and Description.
In the Assign Policies field, select the policies for which SSO need to be enabled.
Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
Select Enable Single Sign-On.
Enter the Domain Name of your CakeHR account. For example, if you use johndoe@thinktodaytech.com to log in to CakeHR, then thinktodaytech.com is the domain name.
Enter the SP Identifier name of your CakeHR portal, in the SP Identifier field. For Eg. https://<sp_identifier>.cake.hr
In the Name ID Format field, choose the format for the user login attribute value specific to the application.

Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.

Note: For CakeHR, single sign-on is supported for both IDP initiated flow and SP initiated flow.