Single Sign-On (SSO)
GIRITON allows users to log in using a username and password, and also offers logging in via Single Sign-On. If your company uses SSO, there is no need to create separate usernames and passwords for users in GIRITON. In a single corporate account, you can have users who exclusively log in via SSO, users who exclusively log in using a username and password, and users who can log in either via SSO or a username and password.
To determine which user can log in using SSO, you can set it in the Human Resources agenda on the Web Application Account tab by activating the checkbox SSO Login Enabled.
When logging in to GIRITON via SSO, the user's login from SSO is compared to the login in GIRITON. For example, suppose your SSO login is "vas@login.com". In that case, you need to have the same login filled in GIRITON in the Human Resources agenda on the Web Application Account tab (you do not need to fill in a password if the user is only logging in via SSO).
Microsoft Entra ID (formerly AzureAD, Azure Active Directory)
In the Azure portal, select the Entra ID account from which you will need the following information: Directory (Tenant) ID, Application (client) ID, and App secret. In the Azure portal, you can generate these details by following these steps. Note that when filling in the "Redirect URI", please provide the web address of your attendance account (in the format "https://yourcompany.giriton.com"), including "https://" at the beginning.
For GIRITON web applications, log in as a user with Administrator permissions. Go to User Menu > Settings and switch to the SSO Login tab in the dialog. Fill in all the values from Entra ID as mentioned above and save the changes. This will activate the option to log in to GIRITON via SSO. A "Log in with Microsoft Azure AD" button will be added to the GIRITON login dialog.
Okta
Go to Applications > Create App Integration > OIDC - OpenID Connect > Web Application in the Okta administrative. Fill in the following options here:
- App integration name: GIRITON SSO
- Grant type: Authorization Code, Refresh Token
- Sign-in redirect URIs: fill in the web address of your attendance account (in the format "https://vasefirma.giriton.com") including "https://" at the beginning.
- Sign-out redirect URIs: fill in the web address of your attendance account (in the format "https://vasefirma.giriton.com") including "https://" at the beginning.
- Assignments: Controlled access: set as needed
Save changes.
Subsequently, you will need the following data from the newly created Okta Application:
- Client ID (something like 1pdb2iqetsRn46OaW789)
- Client Secret (appears after clicking the "eye" icon)
- Client URL (something like trial-7366426.okta.com, or another domain of yours from Okta)
Log in to the GIRITON web application as a user with Administrator rights. Go to User Menu > Settings and switch to the SSO Login tab in the dialog. Fill in all the values from Okta see above and save the changes. You have thus activated the option to log in to GIRITON via SSO. The "Log in via Okta" button will be added to the GIRITON login dialog.