Single Sign-On is an added feature for the Paylocity and Employee Navigator payroll integration. The Single Sign-On (SSO) functionality will allow employees to seamlessly log in to Employee Navigator, without a username or password when they access the SSO link within their self-service portal in Paylocity.
This article will cover:
Accessing the SSO in Paylocity
To access the SSO link, an employee will navigate to the menu on the left-hand side of their Paylocity account (Self Service) and click on “Employee Navigator".
Logging in
We have made the SSO an addition to our current login process, that way an employee can log in via SSO from Paylocity or directly from employeenavigator.com. There are a few ways that Paylocity clients can log into our system:
- Have previously registered in EN and continue using local login credentials to log in from employeenavigator.com
- Have previously registered in EN and utilize the SSO from within Paylocity's self-service portal.
- Have never previously registered in EN and only utilize the SSO from within Paylocity's self-service portal.
- Only utilize the SSO from within Paylocity and then create local login credentials directly within EN
If an HR Admin user wishes to see if an employee has used SSO before or if they have local login credentials, they will be able to navigate to the employee’s Manage Login page within Employee Navigator. There will be three new icons that will be visible:
Used for SSO icon: This icon would be displayed for any logins that have used SSO to log into our system, whether by an auto-provisioned account or an account that has both local login credentials and SSO login. This will be visible from the employee’s Manage Login page.
Auto-provisioned icon: This would be set to true for any auto-provisioned login records. This flag would never be changed and signifies the origins of the login record. This will be visible from the employee’s manage login page.
Last SSO Login: This time and date stamp will show the last time the account was used as part of an SSO flow, regardless of the record's origin. If null, this would mean that the account has never been used for SSO. This will be visible from the employee’s Manage Login page.
An HR Admin user will still have the capability to send registration emails or password reset emails directly from the employee’s Manage Login page, if the employee has an email on file. Employees who have only used SSO will be able to complete the registration process if they wish to sign into Employee Navigator directly. This enhancement will allow users to utilize both the SSO and log in to EN directly if they so choose.
If the employee user has only logged in to Employee Navigator via SSO from Paylocity's self-service portal, a message will be displayed on their Manage Login page that says: “This user does not have login credentials. They currently only access Employee Navigator using a single-sign-on (SSO) experience from an external partner. To enable them to also log in using a username and password, you can click the button below to send a registration email to the user.”
If the employee user has only logged in via SSO from Paylocity's self-service portal and does not have an email address in Employee Navigator, the following message will be displayed on their Manage Login page that says: This user does not have login credentials. They currently only access Employee Navigator using a single-sign-on (SSO) experience from an external partner. If this user wishes to also log in using a username and password, they can register using the "Register as a new user" link on the Login page. You'll need to provide them with the Company Identifier which is needed to complete that process.”
HR Admin users will not be able to utilize the SSO functionality at this time. If an HR User does click on the “Employee Navigator” link within Paylocity, they will receive the following message: “For security purposes, your Employee Navigator account does not allow access to Single Sign-on from Paylocity. You can login here using your current Employee Navigator username and password.”
FAQs
Can any company integrated with EN and Paylocity utilize SSO?
Yes! Single Sign-On is enabled for any mutual client and will be added automatically for any new clients coming on board.
Is there a cost?
No, this is an added benefit to your existing Paylocity integration.
What are some of the benefits of utilizing SSO between Paylocity and Employee Navigator?
- Streamline the user experience for employees that log in to Paylocity and need to make benefit changes in Employee Navigator
- Remove the need to remember two sets of login credentials
What if I already registered in EN and I try to use that login information outside of SSO.
No worries! We have enabled our system to allow you to do either.
What happens if I want to log in to EN outside of SSO?
You can complete the registration within EN and create a username and password that will not impact your SSO login.
Is 2FA enabled for employee's logging in to EN through Paylocity?
No, 2FA will not be required if an employee accesses EN through SSO in Paylocity. Only when an employee logs directly into EN, will 2FA be required.
What if I do not want SSO enabled for my company?
No worries! Reach out to eenavsupport@paylocity.com to kindly request to opt-out of SSO.
Notes to be aware of:
- Employee Payroll IDs are the unique identifiers used by an SSO to link the record and allow access from Payroll to Employee Navigator. If an employee's Payroll ID is blocked from the integration, then the SSO will not be available for them to use until it is unblocked within the Payroll tab in EN --> Blocked demographic list.
- Paylocity no longer supports Microsoft Internet Explorer, as Microsoft has officially ended support for the browser. Due to potential security vulnerabilities, Paylocity strongly recommends to cease usage of Internet Explorer.
- Unsupported browsers may continue to work, but there can be performance and security issues for which Paylocity is not responsible.
- While the mobile and Chrome OS versions of Google Chrome and Mozilla Firefox may work in some areas of the system, Paylocity cannot guarantee 100% compatibility in all areas of the system.
- For security reasons, never use an unsecured Wi-Fi connection. Paylocity recommends a strong LAN connection or a secured Wi-Fi connection of 50 Mbps or higher.
Comments
3 comments
the quick reference guide attached is populating a blank page.
Hi Kristen!
I would expect the link to auto-download the PDF, allowing it to be opened in your browser. I just tested the link with Chrome, Edge and Firefox, and was able to view the Single Sign On guide. May I recommend trying a different browser and navigating to 'My Downloads' & opening it there? Let me know if it works for you.
Thanks!
I can't login to do the benefits
Please sign in to leave a comment.