探花大神

Integrate with Paylocity

Give your users convenient but secure Single Sign On (SSO) access to Paylocity using their 探花大神 credentials with the SSO integration. Import users from Paylocity to 探花大神 using the Identity Management (SCIM) integration. Save time and cost related to user account management and avoid mistakes, as well as potential security risks, related to manually creating users. 

Read this article to learn how to set up the Paylocity integration.

Prerequisites

  • A 探花大神 administrator account
  • 探花大神 SSO Package or higher or SSO à la carte option
  • A Paylocity user account with administrator permissions
  • Your Paylocity company ID
  • View and Edit permission to the HR & Payroll > User Access > SSO Configuration Menu Item in Paylocity Security Role
  • Paylocity SCIM integration user credentials

Important Considerations

  • SSO is required for SCIM
  • Paylocity does not support configuration for SSO on a Company Set level
    • An SSO integration must be created for each individual company within the set, because individuals are matched on both the Company ID under which they reside in Paylocity and either the full work email address or Employee ID. These attributes are set as part of the SSO configuration and are provided in the attributes of the SAML response.
  • Authentication for the Identity Management (SCIM) integration is OAuth2.0
  • The Identity Management (SCIM) integration is only for importing new users from Paylocity to 探花大神:
    • It does not support provisioning or updating from 探花大神 to Paylocity
    • It currently only supports creating new users. Updates to users in Paylocity will not sync back to 探花大神

Attribute Considerations

  • A default set of attributes is managed for users. See the Attribute Mappings section for more details.
  • The following attribute is not supported by 探花大神:
    • division

Configuring the SSO Integration

To configure 探花大神

  1. Access the .
  2. Go to Directory Integrations > HR Directories > Paylocity > Configure.
  3. Click Next.
  4. Enter a Display Label in the General Info tab. Optionally, you can enter a description and adjust the logo shown for the application.
  5. Click Save Application and then Configure Application.
  6. Select the SSO tab.
  7. In the IDP Entity Id field, replace YOUR_PAYLOCITY_COMPANY_ID with your Paylocity company ID to create a unique value, which is required by Paylocity (e.g., 探花大神-123456).
  8. Verify the Paylocity User mapping in the USER ATTRIBUTE MAPPING section.
    • Paylocity supports either the full work email address or employee ID for SSO login. The default is set to email but can be changed to the field where the Paylocity employee ID value is stored in 探花大神 (e.g., employeeIdentifier or a custom field).
  9. In the CONSTANT ATTRIBUTES section, replace YOUR_PAYLOCITY_COMPANY_ID with your Paylocity company ID for the PaylocityEntity mapping.
  10. Click Save.

Download the 探花大神 metadata file

  1. Find your application in the Configured Applications list and click anywhere in the row to reopen its configuration window.
  2. Select the SSO tab and click Export Metadata.
  3. The 探花大神-<applicationname>-metadata.xml will be exported to your local Downloads folder.

Tip:

Metadata can also be downloaded from the Configured Applications list. Search for and select the application in the list and then click Export Metadata in the top right corner of the window.

To configure Paylocity

  1. Log into Paylocity's HR & Payroll.
  2. Select User Access > SSO Configuration > SSO Integration > Add SSO Integration.
  3. Set the following values:
    • SSO Provider - 探花大神 SSO
    • Status - Active
    • Upload the metadata file (XML) exported from 探花大神
  4. Click Save.
  5. After you have completed the above steps, you can start assigning people to the application.
    • Please ensure all users have a username and work email address in Paylocity's HR & Payroll module
  6. For any questions, please contact your Paylocity Account Manager at [email protected]

Authorizing User SSO Access

Users are implicitly denied access to applications. After you connect an application to 探花大神, you need to authorize user access to that application. You can authorize user access from the Applications, Users List or User Groups page.

To authorize user access from the Application’s page

  1. Log in to the .
  2. Go to USER AUTHENTICATION > SSO Applications, then select the application to which you want to authorize user access.
  3. Select the User Groups tab. If you need to create a new group of users, see Get Started: User Groups.
  4. Select the check box next to the desired group of users to which you want to give access.
  5. Click Save.

To learn how to authorize user access from the Users or User Groups pages, see Authorize Users to an SSO Application.

Validating SSO user authentication workflow(s)

IdP-initiated user workflow

  • Access the
  • Go to Applications and click an application tile to launch it
  • 探花大神 asserts the user's identity to the SP, and the user is authenticated without having to log in to the application

SP-initiated user workflow

  • Go to the SP application login - generally, there is either a special link or an adaptive username field that detects the user is authenticated through SSO