PoolCar - Single Sign-On
What is SSO?
Single Sign-On (SSO) allows users to securely access multiple applications using one set of login credentials. Instead of signing in separately to each system, users authenticate once through a central identity provider (such as Microsoft Entra ID or Okta), and that trusted authentication is used to access connected applications. This improves security, simplifies user management, and creates a smoother login experience.
What Information Can My IdP Send PoolCar?
PoolCar has 14 Driver Record fields whose values Entra can update automatically.
Username, First Name, Last Name and Email Address are all mandatory. The rest are optional.
Most of the supported fields are not default source attributes in identity providers, so you will need to create custom source attributes if you would like to automate the data in these fields.
| Claim Name | Source Attribute | Note / Purpose of Field | Recommendation |
|---|---|---|---|
| urn:poolcar:username | user.userprincipalname | Cannot be edited | Mandatory |
| urn:poolcar:emailaddress | user.mail | For email notifications | Mandatory |
| urn:poolcar:givenname | user.givenname | User’s first name | Mandatory |
| urn:poolcar:surname | user.surname | User’s last name | Mandatory |
| urn:poolcar:phone | user.mobilephone | Used for contact details associated with bookings | Prevent outdated or incorrectly entered phone numbers |
| urn:poolcar:homecampus | user.officelocation | Can be used for Access Groups (e.g. restricting asset access) | Keep working location current |
| urn:poolcar:employeeid | user.employeeid | Can be used to access KeyMaster instead of Booking ID | Prevent incorrectly entered Employee ID |
| urn:poolcar:linemanageremail | custom attribute | Can opt for email notifications | Prevent outdated manager details |
| urn:poolcar:costcentre | custom attribute | Used when cost centres are assigned at the driver level | Maintain accurate billing data |
| urn:poolcar:projectcode | custom attribute | Used for billable projects or internal cost tracking | Maintain accurate billing data |
| urn:poolcar:dob | custom attribute | Date of birth. Can be disabled | Optional |
| urn:poolcar:licencename | custom attribute | Name on driver’s licence, used for licence verification | Prevent incorrectly entered licence details |
| urn:poolcar:licencestate | custom attribute | Issuing state of the driver’s licence | Prevent incorrectly entered licence details |
| urn:poolcar:licencetype | custom attribute | Licence class or type for verification purposes | Prevent incorrectly entered licence details |
| urn:poolcar:licenceexpiry | custom attribute | Driver’s licence expiry date | Ensure licence validity is tracked |
How to Set Up Single Sign-On
SAML (Security Assertion Markup Language)
Register the PoolCar application within Entra ID
Configure Basic SAML Information
Note: We will ask you to remove ‘uat’ from these values once UAT testing is complete.
| Basic SAML Information | |
|---|---|
| Identifier (Entity ID) | https://subdomainUAT.poolcar.com |
| Reply URL | https://subdomainUAT.poolcar.com/Authservices/Acs |
| Sign on URL | https://subdomainUAT.poolcar.com/Signin.aspx |
Configure SAML Claims
| Claim Name | Source Attribute |
|---|---|
| urn:poolcar:username | user.userprincipalname or user.mail |
| urn:poolcar:givenname | user.givenname |
| urn:poolcar:surname | user.surname |
| urn:poolcar:emailaddress | user.mail |
| urn:poolcar:phone | user.mobilephone |
| urn:poolcar:linemanageremail | custom source attribute |
| urn:poolcar:employeeid | user.employeeid |
| urn:poolcar:homecampus | user.officelocation |
| urn:poolcar:costcentre | user.department or custom source |
| urn:poolcar:projectcode | custom source attribute |
| urn:poolcar:dob | custom source attribute |
| urn:poolcar:licencename | custom source attribute |
| urn:poolcar:licencestate | custom source attribute |
| urn:poolcar:licencetype | custom source attribute |
| urn:poolcar:licenceexpiry | custom source attribute |
SAML Certificate
Set Up SSO Access Groups
When UAT is approved, you will need to grant access to the relevant users of the app. Please discuss with the fleet manager.
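
During UAT it helps to confirm that the assertion your IdP issues actually carries the claim names listed above. The following is an added example, not PoolCar's or Microsoft's code: it checks a decoded SAML assertion (captured from a test sign-in) for missing mandatory claims, empty values and misspelled `urn:poolcar:` names. It assumes each `Attribute` `Name` equals the claim name exactly; `check_claims` and the sample data are hypothetical, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Claim names from the table on this page; the first four are mandatory.
MANDATORY = {"urn:poolcar:" + n for n in
             ("username", "emailaddress", "givenname", "surname")}
OPTIONAL = {"urn:poolcar:" + n for n in (
    "phone", "homecampus", "employeeid", "linemanageremail", "costcentre",
    "projectcode", "dob", "licencename", "licencestate", "licencetype",
    "licenceexpiry")}

def check_claims(assertion_xml):
    """Return (missing mandatory, known-but-empty, unrecognised) claim names."""
    # SAML never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(assertion_xml)
    seen = {}
    for attr in root.iter("{%s}Attribute" % ASSERTION_NS):
        values = [(v.text or "").strip()
                  for v in attr.iter("{%s}AttributeValue" % ASSERTION_NS)]
        seen[attr.get("Name", "")] = values
    known = MANDATORY | OPTIONAL
    missing = sorted(MANDATORY - set(seen))
    empty = sorted(n for n, v in seen.items() if n in known and not any(v))
    unknown = sorted(n for n in seen
                     if n.startswith("urn:poolcar:") and n not in known)
    return missing, empty, unknown

def _attr(name, value):
    # Helper that builds one constructed <Attribute> element for the sample.
    return ('<saml:Attribute Name="%s"><saml:AttributeValue>%s'
            '</saml:AttributeValue></saml:Attribute>' % (name, value))

# Constructed sample: surname is absent, phone is empty, and licenceexpiry
# is misspelled with an "s", so it matches no claim name in the table.
SAMPLE = ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>' % ASSERTION_NS
          + _attr("urn:poolcar:username", "jo.driver@example.com")
          + _attr("urn:poolcar:emailaddress", "jo.driver@example.com")
          + _attr("urn:poolcar:givenname", "Jo")
          + _attr("urn:poolcar:phone", "")
          + _attr("urn:poolcar:licenseexpiry", "2030-01-31")
          + '</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    for label, names in zip(("missing", "empty", "unrecognised"),
                            check_claims(SAMPLE)):
        print(label, names)
```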
OIDC (OpenID Connect)
How Often Do Updated Entra Values Sync to PoolCar?
Currently, PoolCar does not support SCIM.
This means that when values are updated in your identity provider (Entra, Okta, etc.), the driver’s record in PoolCar won’t update UNTIL the driver signs in to PoolCar with a NEW auth session.
Entra only responds with a new SAML Assertion (carrying the updated Entra attribute values) when the service provider (PoolCar) sends an AuthnRequest, which only happens at a new MFA session.
Forcing a Sync
The auth session naturally expires after a period of inactivity (check your identity provider’s configuration), or there are other ways to start a new auth session:
Force revoke the MFA session from Entra (actioned by an Entra administrator)
Open PoolCar in an Incognito (InPrivate) window
Close all browser windows (non-persistent session)
Open PoolCar from a new device or browser (e.g. opening PoolCar with Chrome, if Edge was the last used browser)