■
Yes! Simpplr configures to a number of SSO providers, including Okta, OneLogin, Azure Active Directory and G Suite. We also support any SAML 2.0 compliant SSO like Duo, Jumpcloud, Forgrock, Ping, etc. Contact your account rep to learn about setting up a SAML-based SSO.
What is single sign-on?
Single sign-on is an authentication method that enables users to securely access or authenticate into multiple applications in an environment using the same set of credentials (username and password). With SSO, a user does not have to sign in to every application they use within their environment. Instead, once a user successfully logs into the main company portal hosting the applications, access to other applications will be instant without a prompt for credentials.
How does SSO work in Simpplr?
For any SSO to work, there has to be a trust relationship between an application; otherwise known as service provider and an identity provider such as Azure, OneLogin or Okta.
The trust relationship is based upon a certificate exchanged between the identity provider (e.g Azure or Okta) and the service provider (in our case, Simpplr). The certificate is used to sign and validate identity information sent from the identity provider to Simpplr so that Simpplr knows it's coming from a trusted source.
This identity data/information, is in the form of tokens, which contain identifying bits of information of the user like username or email address.
SSO tokens
An SSO token is a collection of information or data that is passed from one system to another (from service provider to identity provider) during the SSO flow. This information can be user email address and information about which system is sending the token. The token must be digitally signed for the token receiver to verify and confirm it's coming from a trusted source. The certificate used for this digital signature is exchanged during the initial SSO configuration.
Why does Simpplr use SSO?
- It allows for streamlined user provisioning and syncing within Simpplr. If your org uses an SSO provider, the integration will ease the process of getting users onto Simpplr.
- It enables a user to use one set of credentials to access multiple applications within their environment.
- This prevents users from having to use multiple credentials and having to log in multiple times to access different applications in their environment.
- It also reduces the workload of your org's IT team dealing with forgotten usernames and passwords, as users only have to remember a single set of credentials.
- It also permits administrators to centrally control password complexity for all users and use security features like Multi-factor authentication and Conditional access (MFA/CA) to secure applications within their environment.
- Administrators can also relinquish login privileges across the environment when users leave the organization.
Points to consider before implementing SSO in your Simpplr environment
- What are the different types of users you're servicing and what are their different requirements?
- Are you configuring SSO in a cloud environment or an on-premise environment?
- How will SSO scale and improve growth and security within the organization?
- How will security features like MFA and Conditional access integrate with the SSO flow?
Can my org provision and sync user data based on the SSO source?
- Yes. For more information on how user provisioning and syncing works with your SSO provider, check out this article.
Can my org use multiple SSO providers at the same time?
- While this is technically possible, it's not necessarily recommended. There are too many use cases and workflows to highlight here, so please contact the Professional Services team to work with you on connecting multiple SSOs at once.
Comments
Please sign in to leave a comment.