Single Sign-on is a useful feature to increase security and user adoption of new tools. It means that your employees can auto-login to connected applications using their default company password, which is for instance stored in your LDAP or Active Directory system. While Small Improvements doesn’t integrate with LDAP or AD directly, it does integrate with a middleware called Centrify.
Centrify is a web-based middleware that connects the cloud applications you use with your internal Active Directory or LDAP servers. Centrify has tons of features, but we’ll only need one: the SAML-based SSO option.
Configuration
On Centrify’s Cloud Manager (admin page), click on Apps and then on Add Web Apps.
Search for ‘Small Improvements’ in the catalog, but make sure you add the ‘SAML’ one:
Centrify then gives you the ‘Application Issuer URL’ to enter on Small Improvements’ administration screen (see below).
It also gives you a Signing Certificate as a downloadable file that you can open in Notepad and copy into Small Improvements’ admin screen.
And it asks for your subdomain name, which you need to configure with SI’s support team.
Don’t forget to configure the ‘User Access’ option on the left to tell which user role can access this app and if the app is presented automatically or optionally to the users. This is Centrify’s way of ‘publishing’ an app: add it to some people’s dashboard. The rest shouldn’t require any change – it’s pre-configured and it works.
Now locate the Small Improvements SAML Admin page and enter the settings you just copied:
Add user-accounts
Now add user accounts to Small Improvements through the Company Directory or import them from an Excel worksheet. Note: A user needs to be created in Small Improvements before he/she can log in.
Adjusting the welcome email
Important: You must adjust some emails to avoid confusion.
- Whenever you invite staff into Small Improvements, they receive an email telling them about Small Improvements. This email also explains how to define their new password. But since they will use Centrify’s password instead, that email template needs to be changed!
- Please locate the “Access to Small Improvements: Welcome Mail” email template, and remove any mention of setting passwords. You can write that people should use the password defined in your intranet instead.
That’s it!
For this to work you will need a Small Improvements subdomain. Just let us know and we’ll have it up and running within 48 hours or so.
- Remember: The Centrify integration via SAML is only for SSO; it doesn’t help with user management. All users need to have an account on both systems already.
- And before you roll out the Centrify integration, you should definitely test it with two or three accounts, just to be sure everything is set up properly!
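Because every user needs an account on both systems, it helps to compare the two user lists before rollout. The following is an added example, not part of Small Improvements or Centrify: it assumes you have a CSV export from each side with an `email` column and that accounts are matched by email address; the sample data is constructed.

```python
import csv
import io

# Constructed sample exports. The "email" column name and matching by
# email address are assumptions; adjust them to your real exports.
IDP_EXPORT = """email,display_name
Alice@Example.com,Alice A
bob@example.com,Bob B
carol@example.com,Carol C
"""
SI_EXPORT = """email,name
alice@example.com ,Alice A
bob@example.com,Bob B
dave@example.com,Dave D
"""


def load_emails(csv_text, column="email"):
    """Return the set of trimmed, lower-cased addresses in one export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if column not in (reader.fieldnames or []):
        raise ValueError(f"export has no {column!r} column")
    emails = set()
    for row in reader:
        value = (row.get(column) or "").strip().lower()
        if value:  # skip blank or short rows
            emails.add(value)
    return emails


def reconcile(idp_csv, si_csv):
    """Compare directory (IdP) users with Small Improvements users."""
    idp, si = load_emails(idp_csv), load_emails(si_csv)
    return {
        # Present on both sides: SSO login can work for these users.
        "sso_ready": sorted(idp & si),
        # In the directory only: create them in Small Improvements first.
        "missing_in_si": sorted(idp - si),
        # In Small Improvements only: SSO will fail for these accounts.
        "missing_in_idp": sorted(si - idp),
    }


if __name__ == "__main__":
    for group, users in reconcile(IDP_EXPORT, SI_EXPORT).items():
        print(f"{group}: {', '.join(users) or '-'}")
```

Accounts listed under `missing_in_idp` are the ones that would need the manual password described under Troubleshooting, so review that list before rollout.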
Troubleshooting
In case something doesn’t work with login via Centrify (for instance because a user exists in SI but not in LDAP, or Centrify doesn’t pull it from LDAP), and you still want that person to be able to log in, please manually define a password for them: Go to the user profile page, locate “admin” in the dropdown, and change their password.
Tell the person their new password, and direct them to log in via the main SI website: https://www.small-improvements.com. Don’t use your company-specific subdomain, since that will typically redirect to Centrify instantly. The www option will allow the user to log in manually.