Single Sign-On overview

Single Sign-on is a useful feature to increase security and user adoption of new tools. It means that your employees can auto-login to connected applications using their default company password, which is for instance stored in your LDAP or Active Directory system. While Small Improvements doesn’t integrate with LDAP or AD directly, it does provide SAML integration, which can be used with a variety of services

Subdomain Requirement

For this to work you will need a Small Improvements subdomain. Just let us know by contacting our team and we’ll have it up and running.

Vendors supported

Below is a list of supported vendors:

Our SAML configuration screen can be found by navigating to your Administration tab > Scrolling to the bottom of the screen where the integrations are located > Clicking into the button that says “SAML SSO”.

It contains some 5 configuration fields that are somewhat technical to look at, but this makes them flexible enough to support a wide range of 3rd party solutions. You can roll out your own integration, or make use of our own or vendor-provided documentation. 

Certificate Example and Requirements

To ensure the correct setup, please make sure to review our certificate guidelines. 

Required: 

1. The following markers must be present `—–BEGIN CERTIFICATE—–` and `—–END CERTIFICATE—–`.
2. The markers are on separate lines

		-----BEGIN CERTIFICATE-----
		<br>
		MIICojCCAgugAwIBAgIBADANBgkqhkiG9w0BAQ0FADBuMQswCQYDVQQGEwJ1czEW
		<br>
		MBQGA1UECAwNU2FuIEZyYW5jaXNjbzEbMBkGA1UECgwSU21hbGwgSW1wcm92ZW1l
		<br>
		bnRzMSowKAYDVQQDDCFleGFtcGxlMTIzLnNtYWxsLWltcHJvdmVtZW50cy5jb20w
		<br>
		HhcNMTcxMjA1MTcyODU3WhcNMTgxMjA1MTcyODU3WjBuMQswCQYDVQQGEwJ1czEW
		<br>
		MBQGA1UECAwNU2FuIEZyYW5jaXNjbzEbMBkGA1UECgwSU21hbGwgSW1wcm92ZW1l
		<br>
		bnRzMSowKAYDVQQDDCFleGFtcGxlMTIzLnNtYWxsLWltcHJvdmVtZW50cy5jb20w
		<br>
		gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMIcGGRD+LL21xZplZ5NB1XEXPth
		<br>
		CEszKjSAWLwnhvFXuSBubky8yccM6PMMrucAGruwFXD6zprpBqDf68nnvJHl0/bb
		<br>
		HjDwDJN/PZIYJZ71xU38qP+suVCdVi+qaDf3la4S22eTPGflUxCAKw4mVZgwRLjL
		<br>
		WO9v9LxkYF3MhkkjAgMBAAGjUDBOMB0GA1UdDgQWBBQKjW40pKMaFzjxX5PQ91j9
		<br>
		cK/HqjAfBgNVHSMEGDAWgBQKjW40pKMaFzjxX5PQ91j9cK/HqjAMBgNVHRMEBTAD
		<br>
		AQH/MA0GCSqGSIb3DQEBDQUAA4GBADQz5iti5Qgyd8tA40t8EPHn/kBUdYcm/FvO
		<br>
		Y2JBid1Jo1cpm0weypcqhBBIGadbip2Ozkl1cHQACoMtalb3GGVreStCZAKC0uhy
		<br>
		aF4iMjKrIPcouIxLCDpfjNPHmFFDUNzKPJyiEC6xr8mG4QdLQaQP9neQl9pIMYYV
		<br>
		R7J45FJ+
		<br>
		-----END CERTIFICATE-----

Adding user-accounts

The SAML integration is only for Single-Sign-On, so no users get automatically populated into Small Improvements. So, you still need to add user-accounts to Small Improvements via Administration -> Company Directory or import them from an Excel worksheet

Note: A user needs to be created in Small Improvements before he/she can log in.

Adjusting the welcome email

We recommend you adjust some of the email notification templates to avoid user confusion.

Whenever you invite staff into Small Improvements, they receive an email telling them about Small Improvements. This email also explains how to define their new password. But since they will use your SSO provider’s password instead, that email template needs to get changed.

Please navigate to our Administration tab > Click into the “Emails” button > Locate the “Access to Small Improvements: Welcome Mail” email template, and then remove any mention passwords setting. You can write that people should use the password defined in your intranet instead.

Updated on April 21, 2022

Related Articles

Need Support?
Can't find the answer you're looking for?
Contact Support