User Role: This process requires an Organization Administrator to initiate and must be executed in collaboration with an Internal IT Specialist.
The Value of Enabling SSO (The Employee & Admin Win)
Enabling Single Sign-On significantly improves the security and efficiency of your benefits platform:
Employee Experience: No new passwords to remember! Employees gain seamless, one-click access, making platform adoption easier.
Security: Leverages your organization’s existing, trusted security protocols and multi-factor authentication (MFA).
Onboarding: Simplifies the access process for new hires.
Getting Started: The 4-Step Action Plan
IMPORTANT NOTE: This process requires technical configuration within your organization's identity provider (IdP). Please coordinate this effort with your internal IT specialist.
This implementation is a collaborative effort:
Choose: The Pendant Admin and IT Specialist decide together whether to use the SAML or OAuth protocol.
Configure: The IT Specialist sets up Pendant as a trusted application in your IdP.
Share: The IT Specialist provides the necessary metadata/endpoints to the Pendant support team.
Test & Launch: The Pendant team and IT Specialist validate the connection and finalize the rollout.
Detailed Guide for Your IT Specialist
Share this section directly with your IT team to ensure they have the necessary technical specifications.
Step 1: Choose Your Protocol
Pendant supports both SAML 2.0 and OAuth 2.0.
SAML (Recommended for most): The industry standard used by providers like Okta, Azure AD, and Google Workspace.
OAuth: Best if you are primarily using a proprietary OAuth service or a similar custom setup.
Step 2: Technical Configuration Details
This step involves setting up Pendant as a new application within your identity provider.
If your organization is using SAML, your IT specialist will need the following information:
ACS (Assertion Consumer Service) URL: https://app.pendant.io/sso/saml/acs
Entity ID / Audience URI: https://app.pendant.io/sso/saml/metadata
Required Attribute: email
Optional Attributes: firstName, lastName
If your organization is using OAuth, your IT specialist will need the following information:
Redirect URI: https://app.pendant.io/sso/oauth/callback
Need a SAML Metadata XML File? We can provide an XML file to make configuration faster. Simply reach out to your Pendant representative or email us at support@pendant.io to request it.
Step 3: Sharing Your IDP Information with Pendant
Once your IT team has configured the app in your identity provider, you will need to send us the connection details so we can complete our side of the setup.
If you are using SAML, please send us your IdP’s Metadata XML File (preferred) OR the SSO Endpoint URL and Certificate.
If you are using OAuth, please send us your Authorization URL, Token URL, Client ID, and Client Secret.
Step 4: Validation and Rollout
After Pendant receives and implements your configuration details, the following steps are required before a full launch:
Test Login: Your IT team should test logging in to Pendant using the new SSO setup.
Attribute Check: Confirm that all required user data (especially the email attribute) is mapping correctly to the Pendant platform.
Pilot Group: Test access with a small group of test users before announcing the change organization-wide.
Final Confirmation: Once testing is complete, notify your Pendant contact that the connection is validated and ready for full activation and user provisioning.
Need Help? (Proactive Support)
If you or your IT team encounter any roadblocks or have specific questions about integrating with your chosen Identity Provider (IdP), please do not hesitate to reach out:
Email: support@pendant.io
Contact: Reach out directly to your Pendant representative.