Empuls integrates with SAML 2.0 and OAuth 2.0 identity providers — including Active Directory/ADFS, Office 365, and Google Workspace — so employees authenticate with existing credentials while every MFA rule your organisation enforces remains fully in effect.
Standards-based SSO across your identity stack
Empuls supports Single Sign-On via SAML 2.0 and OAuth 2.0, plugging into whichever identity provider your IT team manages. Whether your organisation runs Microsoft Active Directory/ADFS, Office 365, or Google Workspace, employees log in to Empuls using the same credentials they use for every other enterprise tool — no separate account, no new password to remember. For organisations that have connected Empuls alongside collaboration tools like Microsoft Teams or Slack, this creates a genuinely frictionless experience. Staff access recognition feeds, nominate peers, and redeem rewards in one click, surfaced directly inside the tools they already work in.Your MFA policies, fully respected
When SSO is active, Empuls delegates authentication entirely to your identity provider. If your IT policy requires employees to confirm logins via an authenticator app, SMS code, or a hardware USB token, those requirements apply to Empuls logins automatically. Empuls honours IdP-enforced MFA rules without weakening or bypassing them. This matters particularly in environments where HRIS platforms like Workday, SAP SuccessFactors, or Darwinbox already govern strict access controls. Because Empuls sits within the same SSO umbrella, your security posture stays consistent across every system in your HR tech stack — a single policy change in your IdP propagates everywhere.Secure by design
Every login to Empuls travels over HTTPS/TLS. Authentication is handled by a dedicated Auth service, and access within Empuls is governed by role-based access controls that determine what each user can see and do. These architectural choices underpin Empuls’s compliance with ISO 27001 and SOC 2 Type II standards, giving enterprise security and audit teams a verifiable foundation to work from.A practical example
Consider an organisation running Office 365 with Okta as its IdP and a conditional access policy requiring MFA for all HR tools. Once Empuls is registered as a SAML application in Okta, the employee experience is a single click from the Office 365 app launcher. Okta prompts for MFA exactly as it does for every other application, then passes a verified session to Empuls. IT retains complete control; employees experience no additional friction. For organisations already using Microsoft Teams, Empuls surfaces recognition notifications and reward updates directly in channels, with authentication flowing through the existing Microsoft identity layer throughout. Learn more: Empuls Help Centre — GeneralHow does Empuls handle data security and encryption?
Learn about Empuls’s encryption standards, data-at-rest and in-transit protections, and its ISO 27001 and SOC 2 Type II certifications.
What role-based access controls does Empuls provide?
Understand how admin, manager, and employee roles are configured in Empuls to ensure the right people see the right data.