What this integration does
WagePerks SSO uses SAML 2.0 or OpenID Connect against your existing identity provider — Microsoft Entra ID (formerly Azure AD) inside Microsoft 365, or Google Workspace's identity layer. Employees log in once at the company SSO portal and reach the WagePerks app without a separate password.
The integration covers:
- IdP-initiated sign-on (employee clicks WagePerks tile in Microsoft 365 or Google Workspace launcher)
- SP-initiated sign-on (employee navigates to the white-label WagePerks URL and is bounced to the IdP)
- Group-based provisioning (security group in Entra ID / Google Workspace = role in WagePerks)
- Single sign-out (employee logs out of the IdP, WagePerks session is terminated)
- Just-in-time provisioning for new joiners who appear in the IdP group but not yet in WagePerks
Status — on the 2026 roadmap
SSO is on the 2026 roadmap for SMEs above a configurable user threshold. We expect the Microsoft Entra ID and Google Workspace integrations to ship together in Q4 2026. If your security review needs SSO before then, talk to us — partner demand moves the roadmap.
What works today without SSO
WagePerks supports native email + password authentication today. Sessions are encrypted in transit (TLS 1.2+) and data is hosted in AWS eu-west-2 (London). See the security page for the full posture.
How this fits
WagePerks is the eleven-module portal at £4.50 per employee per month all-in. The SSO integration sits underneath the identity layer — your identity provider stays as the source of truth, WagePerks consumes the assertion and provisions the right role inside the app.
Related
- HR management — where IdP-provisioned roles map to WagePerks permissions
- White-label — branded SP-initiated sign-on at your domain
- All integrations