Setting up Single Sign-On (SSO) in PoolCar
What is SSO?
Single Sign-On (SSO) allows users to securely access multiple applications using one set of login credentials. Instead of signing in separately to each system, users authenticate once through a central identity provider (such as Microsoft Entra ID or Okta), and that trusted authentication is used to access connected applications. This improves security, simplifies user management, and creates a smoother login experience.
How to Set Up Single Sign-On
Using Claims for PoolCar
PoolCar has 14 Driver Record fields whose values Entra can update automatically.
Username, First Name, Last Name and Email Address are all mandatory. The rest are optional.
Most of the supported fields do not have a default source attribute in identity providers, so you will need to create custom source attributes if you want to automate the data in these fields.
| Driver Field | Claim Name | Source Attribute | Note |
|---|---|---|---|
| Username* | urn:poolcar:username | user.mail or user.principalname | Email Address is recommended. Username cannot be changed in PoolCar once set. You can submit a ticket here if a username needs updating in PoolCar. |
| First Name* | urn:poolcar:givenname | user.givenname | Mandatory |
| Last Name* | urn:poolcar:surname | user.surname | Mandatory |
| Email Address* | urn:poolcar:emailaddress | user.mail | Mandatory |
| Mobile Number | urn:poolcar:phone | user.mobilephone | Recommended if this information is essential for PoolCar admins |
| Line Manager’s Email | urn:poolcar:linemanageremail | custom source attribute | Line Managers in PoolCar can be the nominated recipients for Approval Triggers, Drivers Licence Verification, etc. |
| Employee ID | urn:poolcar:employeeid | user.employeeid | Staff can use their Employee ID to access the KeyMaster, instead of the Booking ID. If you use Employee ID this way, setting up a claim for it is recommended. |
| Home Campus | urn:poolcar:homecampus | user.officelocation | Home Campus can be used to allocate Access Groups. |
| Cost Centre | urn:poolcar:costcentre | user.department or custom | This Cost Centre value does NOT apply to Vehicles. If you do not opt for this claim, Cost Centres can be a free text field or pre-defined in a table that users select from a drop-down. |
| Project Code | urn:poolcar:projectcode | custom source attribute | Project Code here is driver based, not job based. |
| Access Card Number | urn:poolcar:accesscardno | custom source attribute | If you have integrated a Custom Card Reader on your KeyMasters, drivers can access the keys for their booking using their Access Cards, instead of the Booking ID. If your Access Card Numbers are stored in another system (e.g. Gallagher), you can set up an API integration to get these into your identity provider. |
| Licence Full Name | urn:poolcar:licencename | custom source attribute | For Licence Verification purposes. |
| Licence State | urn:poolcar:licencestate | custom source attribute | For Licence Verification purposes. |
| Licence Type | urn:poolcar:licencetype | custom source attribute | For Licence Verification purposes and Bookable Vehicle visibility (e.g. Manual, Trucks, etc.) |
| Licence Expiry | urn:poolcar:licenceexpiry | custom source attribute | For Licence Verification purposes. Optional reminders workflow can be activated to remind users when their licence is nearing expiry. |
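To check a claim mapping before rolling it out, the added example below (not PoolCar's own code) reads the attributes from a SAML assertion and reports mandatory claims that are missing, claims sent with no value, and `urn:poolcar:` names that are not in the table. It assumes the claim names appear as the `Name` of each SAML `Attribute` and that the assertion is unencrypted; `check_claims` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PREFIX = "urn:poolcar:"
# Claim names taken from the table above (prefix stripped).
MANDATORY = {"username", "givenname", "surname", "emailaddress"}
OPTIONAL = {"phone", "linemanageremail", "employeeid", "homecampus",
            "costcentre", "projectcode", "accesscardno", "licencename",
            "licencestate", "licencetype", "licenceexpiry"}

def check_claims(assertion_xml):
    """Return (missing_mandatory, empty, unknown) claim names for one assertion.

    Mapping check only: it does not verify the signature or conditions, so
    run it on an assertion captured from your own test sign-in.
    """
    root = ET.fromstring(assertion_xml)
    seen = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name", "")
        if not name.startswith(PREFIX):
            continue  # claims emitted for other purposes are ignored
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        seen[name[len(PREFIX):]] = [v for v in values if v]
    missing = sorted(c for c in MANDATORY if not seen.get(c))
    empty = sorted(k for k, v in seen.items() if not v)
    unknown = sorted(seen.keys() - MANDATORY - OPTIONAL)
    return missing, empty, unknown

def _attr(name, value=""):
    # Helper that builds one constructed <Attribute> element for the sample.
    return (f'<saml:Attribute Name="{PREFIX}{name}">'
            f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>")

# Constructed sample: surname is missing, phone is empty, and "costcenter"
# is a misspelling of the documented "costcentre" claim.
SAMPLE = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
          "<saml:AttributeStatement>"
          + _attr("username", "jo@example.com") + _attr("givenname", "Jo")
          + _attr("emailaddress", "jo@example.com") + _attr("phone")
          + _attr("costcenter", "4410")
          + "</saml:AttributeStatement></saml:Assertion>")

if __name__ == "__main__":
    print(check_claims(SAMPLE))
```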
How Often Do Updated Entra Values Sync to PoolCar?
Currently, PoolCar does not support SCIM.
This means that when values update in your identity provider (Entra, Okta, etc.), they won’t update in the Driver’s record in PoolCar until the driver signs in to PoolCar with a new auth session.
Entra only responds with a new SAML Assertion (carrying the updated Entra attribute values) when the service provider (PoolCar) sends an AuthnRequest, which only happens at a new MFA session.
Forcing a Sync
The auth session naturally expires after a period of inactivity (check your identity provider’s configuration), or there are other ways to start a new auth session:
Force revoking the MFA session from Entra (actioned by an Entra administrator)
Opening PoolCar in an Incognito (InPrivate) window
Closing all browser windows (non-persistent session)
Opening PoolCar from a new device or browser (e.g. opening PoolCar with Chrome, if Edge was the last used browser)