Skip to main content

Setting Up Single Sign‑On (SSO) for PrismHR

Lets employees launch Connecteam from PrismHR with one click. Requires PrismHR payroll integration.

Shahaf Fontyn avatar
Written by Shahaf Fontyn
Updated yesterday

In this article, you’ll learn how to configure PrismHR so employees can open Connecteam seamlessly via Single Sign‑On (SSO).


Before You Start

Make sure you have everything ready before diving in:

  1. PrismHR payroll integration is active – SSO builds on the secure data link created during payroll setup.
    How to integration with PrismHr

  2. Web Service User with the endpoint SignOnService.validateTssoToken enabled – this endpoint validates the secure token PrismHR sends to Connecteam (see Omer Vered’s payroll-integration guide if you still need to configure it).

  3. Matching email addresses for each user in PrismHR and Connecteam – Connecteam matches users by email. If they don’t match, the employee will be redirected to the regular Connecteam login page instead of being auto‑logged in.

Tip: Keep PrismHR and Connecteam open in separate browser tabs—you’ll switch between them during setup.


Step 1 – Create the SSO Service in PrismHR

  1. In PrismHR, go to System Parameters.

  2. Click Actions › SSO Services.

  3. Select Add New Service and fill in:

    • Service ID – any unique value (e.g., CTM_SSO).

    • Description – something recognisable (e.g., Connecteam SSO).

    • TypeExternal.

    • Service DestinationOutbound.

    • Service URLhttps://app.connecteam.com/api/Login/Sso/PrismHR/Redirect/
      This URL routes users from PrismHR to Connecteam and passes the secure token.

  4. Click Save.


Step 2 – Create a Custom Process for the PEO

  1. Still in System Parameters, click Actions › Custom Process.

  2. Select Add New Process and complete:

    • Process ID and Name – your choice (e.g., CTM_LAUNCH).

    • Category / Sub‑Category – choose where the item will appear in PrismHR.

    • Check Display in Menus and Display in Search so your staff can find it.

    • SSO Forms → SSO Service – pick the service you created in Step 1.

    • SSO ActionTandem SSO.

    • Check External App.

  3. Click Save.

Troubleshooting: If the new process doesn’t show up immediately, clear your browser cookies and refresh PrismHR. In most cases this forces PrismHR to pull the latest configuration.


Step 3 – Add the SSO Link to the Employee Portal Menu

  1. Go to Configuration Templates.

  2. Choose the template used by the employees who need Connecteam access (often the Default template).

  3. Click Edit → open the Menu tab.

  4. Click New Top‑Level Menu, then Edit to configure it:


    Title – what users will see (e.g., Connecteam).

    • Component – select Single Sign‑On.

    • SSO Service – pick the service you created earlier.

    • Launch in new tabEnabled (highly recommended for best UX).

    • Menu Visibility – choose Employee or Employee & Manager.
      ⚠️ Known issue: Manager view currently has a display bug—choose Employee‑only if managers don’t need access.

    • Select an icon, then Save.

Save the configuration template.


Step 4 – Test the Connection

  1. Log in to PrismHR as an employee who should have Connecteam access.

  2. Click the new Connecteam menu item.

  3. Confirm that Connecteam opens in a new tab without asking for credentials.

  4. Repeat the test with at least one additional employee to verify permissions.

If everything works, you’re done! 🎉


Common Issues & Fixes

Symptom

Likely Cause

Quick Fix

User is redirected to Connecteam login page

Email address mismatch between PrismHR and Connecteam

Ensure the employee’s email is identical in both systems, then retry.

Users see a blank page after clicking Connecteam

Service URL typo

Double-check the URL in Step 1.

"Invalid token" error in Connecteam

Web Service User missing validateTssoToken

Confirm the endpoint is enabled and the user has permission.

Menu item not visible

Template cache

Clear cookies or log out/in again.


Need help? Contact our Support team through the in‑app chat—24/7 and happy to help.

Did this answer your question?