1. Click "Menu"

2. Click "Settings"

3. Click "Single Sign-On"

4. Dual Login Option: When set to yes, the employee and admin accounts will be able to sign on using single sign-on. When set to no, only admin accounts will have the ability to sign in using single sign-on.

Single Sign-on Enabled: This toggle option allows for single sign-on settings to be enabled and displayed below.

SSO Provider: Depending on your email system, this value should be:

• "Google" if you use Gmail
• "AD" if you use Office 365
• "OneLogin" if you have OneLogin

5. Here are the links on how to add new SAML apps in Google and Microsoft Azure/Office 365. You will need to complete the setup there first before you can finish the configuration in Helios.

Microsoft Azure: https://learn.microsoft.com/en-us/power-pages/security/authentication/saml2-settings-azure-ad
AND https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-setup-sso

Google: https://support.google.com/a/answer/6087519?hl=en

Now that we the setup started, let's gather some information from this screen we are going to need for the setup in Google or Azure.

In Google/Azure you will be creating 2 separate apps (if you do not have the employee portal module then you will only create 1).

App #1 is the Admin portal. For this you will need the following information from the Helios SSO Settings page:

1. "Helios Admin Portal Url to Redirect to" value will be used for the ACS URL in Google or the Reply URL in Azure.
2. "SSO Certificate" will be used for the Entity ID in Google and Azure.

App #2 is the Employee portal. For this you will need the following information from the Helios SSO Settings page:

1. "Helios Emp Portal Url to Redirect to" value will be used for the ACS URL in Google or the Reply URL in Azure.

If also using the Helios Job Portal, SSO can be set for Administrators to login with SSO:

1. Redirect to: https://gethelios.com/JOB-PORTAL-URL/Account/SSOLogin?sso=1
2. Entity ID: JOB-PORTAL-URL
   1. Example, for the URL https://gethelios.com/sandbox5-jobs the JOB-PORTAL-URL = sandbox5-jobs
3. Send support@heliosed.com a message with the above so that we can complete the process[[.]]

6. You will also need these field mappings - save a copy of this image for reference.

Now, go ahead and finish the implementation on your end and come back here once complete to input the data on our end so we can link up your newly created SAML apps to Helios.

7. SSO URL Put the SSO URL from your newly created HR Admin Portal SAML app here.

SSO Key: Copy the SSO Certificate here. Make Sure to remove the ------BEGIN CERTIFICATE and the -------END CERTIFICATE

SSO Emp URL: Put the SSO Emp URL from your newly created Employee Portal SAML app here.

8. It usually takes Google or Microsoft about an hour to push the SSO settings so please wait before you test the single sign-on.

When ready, you can test your Settings. Log out of Helios and when you are at the main log-in screen click the Admin and Employee Portal buttons to make sure the configuration is set up correctly.