Enterprise SSO (Single Sign On)
Cory Brown avatar
Written by Cory Brown
Updated over a week ago

Plan availability: βœ“ Elite βœ“ Enterprise

Whether you're an Azure AD, Google Workspace, Okta, Auth0 user, or any app employing the SAML and OIDC protocols, we've got you covered to ensure secure access for all your team members.


Setting up Enterprise SSO

  1. Log in to your Simplesat account and navigate to the Authentication security page within Admin settings.

  2. Click on the 'Configure SSO' option. You will be led to a new tab where you'll be prompted to select your identity provider or opt for custom SAML or OIDC configurations.
    ​

  3. After you go through the given instructions and complete the setup, our system will run a connectivity test to ensure everything's working. Do note that, depending on your chosen IdP, changes can take anywhere from a few minutes to 24 hours to come into effect.

  4. If a test returns an error, give it a few minutes and try again. If you continue to experience issues, please reach out to Simplesat support or your IdP's helpdesk.

πŸ’‘ By default, only one domain is permitted, the one you specify during SSO setup. For additional domains, please reach out to Simplesat support for assistance.

Using the Authorization URL

With the Authorization URL at hand, team members can instantly create their Simplesat accounts.

This not only streamlines the onboarding process but also eliminates the need for individual invitations.

Accounts made using JIT provisioning will be given the 'Collaborator' role by default, devoid of survey access. Adjustments can be made later via the Users page.

Implementing SSO enforcement

Here's how you can apply SSO within your organization:

  1. Total Enforcement: Ideal for those using the Enterprise SSO feature across the board. This means all users, except those manually deactivated (see below for more details), must access your Simplesat account via Enterprise SSO.

  2. Flexibility in Access: The 'It's optional' setting means users can choose their login method - social SSO, username/password, or enterprise SSO.

Managing individual user settings

With Enterprise SSO activated, you can quickly gauge the enforcement status of each user by visiting the Users page and checking the 'Authentication' column.

If you need to disable SSO enforcement for a specific user, simply edit their profile and select the 'Disable SSO enforcement' checkbox.

Even if you modify the global settings later on, this individual preference will remain unchanged.

Deactivating or removing the feature

Should the need arise, you can reset the connection to either change your IdP or entirely disconnect the settings from your Simplesat profile.

And, if you ever decide to stop using the feature, just shoot a message to Simplesat's support team, and we'll handle the rest.

Did this answer your question?