Single Sign-On is an added feature for the ADP and Employee Navigator payroll integration, and can only be implemented for a group who has the payroll integration already Live. The Single Sign-On (SSO) functionality will allow employees to seamlessly log in to Employee Navigator, without a username or password when they access the SSO link within their self-service portal in ADP.
This article will cover:
- Adding the SSO to your ADP Application
- Accessing the SSO in ADP
- Logging into Employee Navigator via the SSO
- FAQs
Adding the SSO to your ADP Platform
Each company will need to have the SSO link added to the Employee home page within the ADP application. A user with administrative access to the company configuration will need to set this up.
ADP Workforce Now®
The URL below will need to be added in either MyADP or from the Configure Homepage button within Workforce Now.
From MyADP:
The URL below will need to be added in MyADP within Workforce Now.
- To add a link, an Administrator will go to my.adp.com.
- Once logged in, navigate to the Admin link on the left-hand navigation.
- From there, click “Links” across the top. Click “Add Link”.
- This will prompt the addition of a URL. This URL is case-sensitive, so be sure to copy it exactly as is:
https://www.employeenavigator.com/benefits/account/login?idp=AdpWorkforceNow
Give your link a name, such as “Benefits” or “Employee Navigator”. Save. From there, you can click and drag the link to display on the page you would like it to. Make sure the page is set to “Visible” by clicking on the ellipses. The link is now available for employees.
From Configure Homepage:
Once an Administrator is logged in to Workforce Now
- Click on the “Configure Homepage” button at the top right of the page.
- Next, either “Add New Tile” or “Add Content” on an existing tile.
- Add a title such as “Benefits” or “Employee Navigator”, for example, and select the “Links” option.
- This will prompt the addition of a URL. This URL is case-sensitive, so be sure to copy it exactly as is:
https://www.employeenavigator.com/benefits/account/login?idp=AdpWorkforceNow
Click “Add” and “Save”. Make sure the link is visible on the home page.
RUN Powered by ADP®
The URL below will need to be shared with your employees to bookmark and use to access Employee Navigator. ADP RUN does not have 'Quick Link' functionality to allow HR to create a link within the RUN user interface for employees to use the SSO.
https://www.employeenavigator.com/benefits/account/login?idp=AdpRun
- If an employee is already logged into ADP RUN, then this link will re-direct them to EN
- If an employee is not logged into ADP RUN, this link will take them to Employee Navigator to log in with their normal credentials (no SSO flow).
ADP Workforce Now® Next Generation
The URL below will need to be added in either MyADP or from the Configure Homepage button within Workforce Now Next Generation.
From MyADP:
The URL below will need to be added in MyADP within Workforce Now.
- To add a link, an Administrator will go to my.adp.com.
- Once logged in, navigate to the Admin link on the left-hand navigation.
- From there, click “Links” across the top. Click “Add Link”.
- This will prompt the addition of a URL. This URL is case-sensitive, so be sure to copy it exactly as is:
https://www.employeenavigator.com/benefits/account/login?idp=AdpWorkforceNowNextGen
Give your link a name, such as “Benefits” or “Employee Navigator”. Save. From there, you can click and drag the link to display on the page you would like it to. Make sure the page is set to “Visible” by clicking on the ellipses. The link is now available for employees.
From Configure Homepage:
Once an Administrator is logged in to Workforce Now
- Click on the “Configure Homepage” button at the top right of the page.
- Next, either “Add New Tile” or “Add Content” on an existing tile.
- Add a title such as “Benefits” or “Employee Navigator”, for example, and select the “Links” option. This will prompt the addition of a URL.
- This URL is case-sensitive, so be sure to copy it exactly as is:
https://www.employeenavigator.com/benefits/account/login?idp=AdpWorkforceNowNextGen
Click “Add” and “Save”. Make sure the link is visible on the home page.
Accessing the SSO in ADP
In ADP WorkForce Now: To access the SSO link, an employee will navigate to the tile or link that their company administrator has set up within their specific ADP application. The name of the link and its location is customizable by company, so check with your Payroll Administrator on where your organization’s specific Single Sign-On link is.
In ADP RUN: An employee can click the link provided to be re-directed to Employee Navigator.
Logging in to Employee Navigator via the SSO
We have made the SSO an addition to our current login process, that way an employee can log in via SSO from their ADP application or directly from www.employeenavigator.com. There are a few ways that ADP clients can log into our system:
- Have previously registered in EN and continue using local login credentials to log in from employeenavigator.com
- Have previously registered in EN and utilize the SSO from within ADP’s self-service portal.
- Have never previously registered in EN and only utilize the SSO from within ADP's self-service portal.
- Only utilize the SSO from within ADP and then create local login credentials directly within EN
If an HR Admin user wishes to see if an employee has used SSO before or if they have local login credentials, they will be able to navigate to the employee’s Manage Login page within Employee Navigator. There will be three icons that will be visible:
Used for SSO icon: This icon would be displayed for any logins that have used SSO to log into our system, whether by an auto-provisioned account or an account that has both local login credentials and SSO login. This will be visible from the employee’s Manage Login page.
Auto-provisioned icon: This would be set to true for any auto-provisioned login records. This flag would never be changed and signifies the origins of the login record. This will be visible from the employee’s manage login page.
Last SSO Login: This time and date stamp will show the last time the account was used as part of an SSO flow, regardless of the record's origin. If null, this would mean that the account has never been used for SSO. This will be visible from the employee’s Manage Login page.
An HR Admin user will still have the capability to send registration emails or password reset emails directly from the employee’s Manage Login page, if the employee has an email on file. Employees who have only used SSO will be able to complete the registration process if they wish to sign into Employee Navigator directly. This enhancement will allow users to utilize both the SSO and log in to EN directly if they so choose.
If the employee user has only logged in to Employee Navigator via SSO from ADP’s self-service portal, a message will be displayed on their Manage Login page that says: “This user does not have login credentials. They currently only access Employee Navigator using a single-sign-on (SSO) experience from an external partner. To enable them to also log in using a username and password, you can click the button below to send a registration email to the user.”
If the employee user has only logged in via SSO from ADP's self-service portal and does not have an email address in Employee Navigator, the following message will be displayed on their Manage Login page that says: This user does not have login credentials. They currently only access Employee Navigator using a single-sign-on (SSO) experience from an external partner. If this user wishes to also log in using a username and password, they can register using the "Register as a new user" link on the Login page. You'll need to provide them with the Company Identifier which is needed to complete that process.”
HR Admin users will not be able to utilize the SSO functionality at this time. If an HR User does click on the “Employee Navigator” link within ADP, they will receive the following message: “For security purposes, your Employee Navigator account does not allow access to Single Sign-on from ADP. You can log in here using your current Employee Navigator username and password.”
FAQs
Does this work with ADP's mobile app?
It does not. The SSO will solely work with the MyADP or Company homepage, wherever HR decides to set up the SSO link itself.
Can any company integrated with EN and ADP utilize SSO?
Yes! The SSO is available for our Workforce Now, Workforce Now Next Gen, and Run clients. A company administrator must set up the appropriate link within the ADP application (see instructions above) to provide employees access to the SSO capabilities. As a reminder, the SSO will only work for employees.
Is there a cost?
No, this is an added benefit to your existing ADP integration.
What are some of the benefits of utilizing SSO between an ADP platform and Employee Navigator?
- Streamline the user experience for employees that log in to ADP and need to make benefit changes in Employee Navigator.
- Remove the need to remember two sets of login credentials.
What if I already registered in EN and try to use that login information outside of SSO?
No worries! We have enabled our system to allow you to do so.
What happens if I want to log in to EN outside of SSO?
You can complete the registration within EN and create a username and password that will not impact your SSO login.
Is 2FA enabled for employees logging in to EN through ADP?
No, 2FA will not be required if an employee accesses EN through SSO in ADP. Only when an employee logs directly into EN, will 2FA be required.
What if I do not see the ability to add a link as a company administrator within my ADP platform?
We recommend that you reach out to ADP to check permissions and help get you the right access to be able to do so.
What if I set up the link but my employees tell me they can't SSO into Employee Navigator?
Because this setup is not automated, we recommend double-checking a couple of areas:
1. From the list of links above, did you choose the URL that is associated with your ADP platform?
2. Verify there were no errors when copying and pasting the URL from above. Any extra spaces, misspellings, extra characters, etc., will prohibit the link from providing a working SSO.
Comments
0 comments
Article is closed for comments.