Skip to main content
Xoxoday Empuls integrates with Active Directory Federation Services (ADFS) via SAML 2.0, supporting both IdP-initiated and SP-initiated Single Sign-On with certificate-based authentication and no additional licensing required.
ADFS (Active Directory Federation Services) is Microsoft’s on-premises identity provider used by enterprises to centralise authentication across internal and external applications. Xoxoday Empuls integrates with ADFS using SAML 2.0, the industry-standard protocol for secure, federated Single Sign-On, so your employees authenticate once and access Xoxoday Empuls without managing a separate set of credentials.

How the SSO flow works

Xoxoday Empuls supports both IdP-initiated and SP-initiated login. In an IdP-initiated flow, employees click the Xoxoday Empuls tile from your corporate portal or ADFS dashboard and are signed in immediately. In an SP-initiated flow, employees navigate directly to Xoxoday Empuls, which redirects them to ADFS for authentication before granting access. Both flows rely on cryptographically signed SAML assertions exchanged between ADFS and Xoxoday Empuls, keeping the handshake tamper-proof.

Claim mapping and user attribute sync

Attribute claim mapping lets your IT team pass user details — including name, email address, department, and employee ID — from Active Directory into Xoxoday Empuls automatically. This eliminates duplicate data entry and keeps employee profiles accurate from day one without requiring manual imports or ongoing reconciliation.

MFA and conditional access inheritance

Any Multi-Factor Authentication or conditional access policies already configured in ADFS apply automatically when employees access Xoxoday Empuls. If your organisation enforces MFA for external applications, those rules are honoured without any separate configuration inside Xoxoday Empuls. This makes the integration particularly valuable for organisations operating under compliance frameworks such as ISO 27001 or SOC 2 Type II, where uniform access controls across all systems are a hard requirement.

Fitting into your Microsoft ecosystem

For organisations running Microsoft environments alongside tools such as Microsoft Teams or Workday, Xoxoday Empuls fits naturally into the existing identity and access management landscape. The ADFS integration means Xoxoday Empuls is not an authentication outlier — it respects the same policies, the same session controls, and the same directory as every other federated application in your estate.

Setup and licensing

Configuration is handled within the Xoxoday Empuls admin panel alongside your ADFS relying party trust setup. No additional licensing is required on either side. Once metadata is exchanged and claims are mapped, the Single Sign-On experience is live for all users in scope, typically within a single configuration session. Learn more: Empuls Help Centre — General

Azure AD SSO Integration

Learn how Xoxoday Empuls connects with Microsoft Entra ID (Azure AD) for cloud-based Single Sign-On using SAML 2.0 and OIDC.

SAML 2.0 SSO Setup Guide

Step-by-step guidance for configuring SAML 2.0 Single Sign-On in Xoxoday Empuls, including metadata exchange and attribute mapping.