< All Topics

Authentication And Provisioning

This article is an introduction to the user authentication and provisioning options available on LeaveWizard for companies. LeaveWizard normally uses a username and password pair for user identity authentication. However, we also provide for SAML (Security Assertion Markup Language) authentication so you can integrate with any SAML 2.0 enabled identity provider (IdP). Your users can then log into LeaveWizard using the same SSO (Single Sign On) credentials they used to log into other services. The LeaveWizard web and mobile apps functionality will remain unchanged. In order to set up SAML authentication, you need to enter the Identity Provider Issuer and Metadata URL, taken from the service you want to integrate with, on LeaveWizard.

We also allow for SCIM provisioning by an Identity Provider. Users will log in using SSO but you will undertake user management tasks, such as adding users and updating their details, on the IdP website and LeaveWizard will deactivate these functions on the web app. If you want to use IdP user provisioning, besides providing the Identity Provider Issuer and Metadata URL, you need to enable SCIM Provisioning on LeaveWizard.

Supported Identity Providers

LeaveWizard supports Okta and Microsoft Azure Entra ID (formally Azure Active Directory) identity providers for SSO and provisioning. Please choose a link below for detailed specific information.

Okta SSO

Okta SCIM User Provisioning

Azure Entra ID SSO

Azure Entra ID SCIM User Provisioning


Here is a glossary of terms used in identity authentication and provisioning.

IdP (Identity Provider)

An IdP is a system that creates, maintains, and manages identity information. It also provides authentication services to applications within a network. Okta is an IdP.

SAML (Security Assertion Markup Language)

SAML is an open standard for exchanging authentication and authorization data between parties. In particular, between an identity provider and a service provider.

SCIM (System for Cross-domain Identity Management)

SCIM is a standard for automating the exchange of user identity information between identity domains or systems.

SP (Service Provider)

A SP is a system that receives and accepts an authentication assertion. LeaveWizard is a SP.

SSO (Single Sign On)

SSO is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

Table of Contents