15Five - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for 15Five using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with 15Five, ensure you meet the following requirements:
- 15Five admin rights
- 15Five Sub-Domain https://<COMPANY_NAME>.15five.com
- MPAS Admin rights
- Make sure that all users intended to use SSO in 15Five are registered in your IdP and have the necessary permissions to access 15Five.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
15Five - SSO configuration
Step 1 - Configure in 15Five
- Admin login
- Click on Company Settings
- Reach Single Sign-On
- and click on Getting Started
- Enter the subdomain → XML Setup: paste the IdP metadata (Multi-Pass, you will where to find it in the steps below)
- Detail Setup:
- IdP Identity ID = Entity ID (Multi-Pass) = https://ca.auth.kzero.com/realms/<TENANT_NAME>
- IdP SSO URL = SSO URL (Multi-Pass) = https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml
- Binding = HTTP-Redirect
- Metadata URL = https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/descriptor
- User Attribute = NameID = email
- Click on Save
SP Values (to use in Multi-Pass)
| Field | Value |
|---|---|
| Sign-on URL (Start URL) | https://<COMPANY_NAME>.15five.com |
| ACS URL | https://<COMPANY_NAME>.15five.com/saml2/acs (confirm with official docs) |
| Entity ID / Identifier (Audience URI) | https://<COMPANY_NAME>.15five.com/saml2/metadata/ |
| Metadata (SP) | Provided by 15Five (if requested) |
The values above follow Microsoft patterns. Replace <COMPANY_NAME> with your real subdomain. Confirm with 15Five support if in doubt.
Step 2 - Configure in Multi-Pass (Identity Provider)
- Select your tenant
- Click on Integrations and select Applications
- Reach the custom section and click on SAML
- Enter the following values from 15Five:
| Field | Value |
|---|---|
| Client ID (= SP Entity ID) | https://<COMPANY_NAME>.15five.com/saml2/metadata/ |
| Name | 15Five |
| Description | 15Five SSO integration |
| Assertion Consumer Service (ACS) URL | https://<COMPANY_NAME>.15five.com/saml2/acs |
| NameID Policy Format | email |
- Then download the Tenant XML Metadata
- Click on Add integration
- On the left side of your screen, click on "Advanced console"
- Click on Client and use the search bar to look for 15Five
- Make sure all the fields are well completed :
General settings (MPAS)
| Field | Value |
|---|---|
| Client ID | https://<COMPANY_NAME>.15five.com/saml2/metadata/ |
| Name | 15Five |
| Description | 15Five SSO integration |
| Always Display in UI | ON |
Access settings (MPAS)
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/15Five |
| Valid Redirect URIs (ACS) | https://<COMPANY_NAME>.15five.com/saml2/acs |
| IDP-Initiated SSO URL Name | 15Five |
SAML Capabilities (MPAS)
| Setting | Value |
|---|---|
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption (MPAS)
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Move to the tab "Keys" and make sure that both parameters are switched to OFF
- Go to the "advanced" tab
- Assertion Consumer Service POST Binding URL = Valid Redirect URIs (ACS) = https://<COMPANY_NAME>.15five.com/saml2/acs
Step 3 - Finalize & Test
- Paste the Multi-Pass IdP metadata into the configuration.
- Verify the IdP Entity ID, IdP SSO URL, and the certificate.
- Enable SSO.
- Save changes.
No native SCIM is available — provisioning must be done manually.
- In the 15Five Admin Console: Click on Manage Company
- Then click on People and Add People.
- Enter:
- First Name, Last Name, Title, Email (must match the value in Entra/Multi-Pass).
- The user will receive an activation email.
Test the Configuration
- From Multi-Pass: create a test user with the same email address.
Run a login test:
- Sign-on URL =
https://<COMPANY_NAME>.15five.com - Confirm authentication flows through SAML (Multi-Pass).
- Verify attributes sent:
- Mandatory → email
- Optional (if mapped) → first name, last name, title
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Vanta - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Vanta using MPAS. SSO simplifies user authentication by allowing access to multiple ...Dynatrace - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Dynatrace using MPAS. SSO simplifies user authentication by allowing access to multiple ...Addigy - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple ...