.png)
Authentication and Single Sign-On (SSO)
Besides standard username and password login, Trakstar Perform can be configured to authenticate users in your organization via SAML or LDAP.
Single sign-on is an advanced Trakstar Perform feature. If you would like to add this feature to your organization’s account, please contact us at perform@trakstar.com.
An admin must set up the SSO connection. If you need to grant access to a user to enable or make changes to your SSO configuration but do not want them to have access to anything else in the system, you should set them up as an Integrations Admin. Learn more here.
SAML
SAML (Security Assertion Markup Language) is an open-standard format for exchanging authentication and authorization data between an identity provider (your organization’s SAML provider) and a service provider (Trakstar Perform). Perform can integrate with any SAML 2.0 identity provider to achieve a seamless login experience. Once users have authenticated with your organization’s identity provider, they are granted one-click access to Trakstar Perform – simple, secure, and fast.
This allows Trakstar Perform to integrate with:
- OneLogin
- Okta
- Ping Identity
- Google Apps for Work (G Suite)
- Azure Active Directory
- Active Directory Federation Services (AD FS)
- … and more!
For instructions on how to set up Trakstar Perform with specific providers, see the following support articles:
- Setting Up OneLogin Authentication
- Setting Up Okta Authentication
- Setting Up G Suite (Google Apps for Work) Authentication
- Setting Up Azure Active Directory Authentication
For more information on setting up SAML in general, see our support article on configuring SAML in Trakstar Perform.
LDAP
LDAP (Lightweight Directory Access Protocol) is a protocol used primarily by Microsoft services, like Active Directory (AD), to locate user accounts, organizations, and other resources. Trakstar Perform can integrate with any LDAP or LDAPS server, allowing you to connect Trakstar Perform to your organization’s existing directory. Upon login, Trakstar Perform will check usernames and passwords against your LDAP server, keeping these credentials in sync with Trakstar Perform.
For more information, see our support article on configuring LDAP in Trakstar Perform.
NOTE: Trakstar Perform is a cloud-based application, and our servers must be able to communicate with your LDAP server. If your LDAP server is protected by firewalls or additional network security, your organization must allow Perform’s servers access. Our application does not support connecting to your organization’s VPN or local network. For more information, please contact integrations@trakstar.com.
Setup
Trakstar Perform allows administrators to configure and test both LDAP and SAML integrations. If you already have users on your Trakstar Perform system, don’t worry – you can verify that everything is working properly before enabling LDAP or SAML for your entire organization. See the individual guides for more information.
Note: If you have SSO enabled, we highly recommend editing the Welcome Email before sending it to your employees. Otherwise, it will include non-relevant information about their login name and password. You can learn more about editing the Welcome Email - and all emails! - here. We suggest the following text:
Hello {{recipient_first_name}},
Your Trakstar Perform account has been created or updated. Single Sign-On (SSO) has been enabled for your account.
Follow this link to get started now - you'll enter COMPANY NAME and then choose "Click here to log in with your SSO provider": {{login_link}} Thanks,
COMPANY NAME HR Team