Skip to main content
Enabling single sign on (SSO)
Updated today

Single Sign-On (SSO) allows users to access multiple applications and websites with one set of credentials, streamlining the login process and improving security.

The CHR supports SAML 2.0-compliant identity providers (IdP), such as Google Workspace, Microsoft Entra ID, OKTA and Duo Security. To use SSO with the CHR, you must have an account with an IdP. You then synchronize that account with the CHR.

When you enable SSO, users aren't required to enter their CHR password to log into the CHR. Instead, they are redirected to their IdP to authenticate. You can require SSO for CHR sign-in or give users the option to use it. To use SSO, a user must have accounts with the same email address on both the IdP and CHR.

This feature must be configured by the TELUS CHR Support account. Contact the TELUS Health support team through the support chat for more information.

Steps to synchronize your IdP and CHR

  1. From the main menu, click Settings > Single Sign-On.

  2. Click Add Provider. A New SAML Identity Provider window opens.

    💡Tip: Keep this open while you follow the steps from your IdP.

  3. Copy the URL from the ACS URL (Assertion Consumer Service URL) field. You’ll need this to configure SSO within your IdP admin dashboard.

  4. In a separate Google Chrome tab, open the admin dashboard for your IdP. Such as Google Admin Console or Microsoft Entra admin center.

  5. Follow the steps provided by your IdP to add a new SAML app such as Google Workspace or Microsoft Entra ID.

    For example, Google Workspace:

    📌 Note: You will need download a metadata file from your IdP.

  6. The following table provides the information you may need:

Configuration

📌 Note: The exact names of these fields vary depending on your IdP.

Setting

Application name

inputhealth-com

​Description

InputHealth

Entity ID

The URL you copied from the ACS URL field in the CHR.

Attribute Consume Service Endpoint (ACS URL).

The URL you copied from the ACS URL field in the CHR.

Name ID format

Set to email address

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Certificate

If you require the certificate please contact the TELUS Health support team through the support chat.

📌 Note: This is typically only required for older IdP configurations.

6. Return to the New SAML Identity Provider window in the CHR.

7. In the Metadata XML field, click Choose File and upload the file you downloaded from your IdP.

8. In the Name field, add the button name you want users to see on login.

9. Click Apply.

Once SSO is enabled, users enter their email address and have the option to login with SSO or login with their password.

Updated March 28, 2025

Did this answer your question?