Single Sign-on is a useful feature to increase security and user adoption of new tools. It means that your employees can auto-login to connected applications using their default company password, which is for instance stored in your LDAP or Active Directory system. While Small Improvements doesn’t integrate with LDAP or AD directly, it does provide SAML integration, which can be used with a variety of services
Subdomain Requirement
For this to work you will need a Small Improvements subdomain. Just let us know by contacting our team and we’ll have it up and running.
Vendors supported
Below is a list of supported vendors:
- Google Apps: we offer an official integration with Google Apps
- OneLogin: We provide our own detailed setup guide for OneLogin.
- Microsoft Azure: We’re listed in Azure AD’s application gallery. Please refer to their setup tutorial.
- CA: We’ve been certified to integrate with CA Siteminder. You can find more details and a CA runbook on their website.
- Okta: We’re listed as a certified Okta application in the Okta directory. Learn more on our Okta setup guide.
- Centrify: We have an official SAML integration with Centrify too. Learn more on our Centrify setup guide.
- Ping Identity: We officially integrate with Ping Identity. Read the Ping Identity setup guide.
- Simple Saml PHP: A customer of ours provided details on how to set up SimpleSamlPHP with SI.
Our SAML configuration screen can be found by navigating to your Administration tab > Scrolling to the bottom of the screen where the integrations are located > Clicking into the button that says “SAML SSO”.
It contains some 5 configuration fields that are somewhat technical, but this makes them flexible enough to support a wide range of 3rd party solutions. You can roll out your own integration or use our own or vendor-provided documentation.
Certificate Example and Requirements
To ensure the correct setup, please review our certificate guidelines.
Required:
1. The following markers must be present `—–BEGIN CERTIFICATE—–` and `—–END CERTIFICATE—–`.
2. The markers are on separate lines
-----BEGIN CERTIFICATE----- <br> MIICojCCAgugAwIBAgIBADANBgkqhkiG9w0BAQ0FADBuMQswCQYDVQQGEwJ1czEW <br> MBQGA1UECAwNU2FuIEZyYW5jaXNjbzEbMBkGA1UECgwSU21hbGwgSW1wcm92ZW1l <br> bnRzMSowKAYDVQQDDCFleGFtcGxlMTIzLnNtYWxsLWltcHJvdmVtZW50cy5jb20w <br> HhcNMTcxMjA1MTcyODU3WhcNMTgxMjA1MTcyODU3WjBuMQswCQYDVQQGEwJ1czEW <br> MBQGA1UECAwNU2FuIEZyYW5jaXNjbzEbMBkGA1UECgwSU21hbGwgSW1wcm92ZW1l <br> bnRzMSowKAYDVQQDDCFleGFtcGxlMTIzLnNtYWxsLWltcHJvdmVtZW50cy5jb20w <br> gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMIcGGRD+LL21xZplZ5NB1XEXPth <br> CEszKjSAWLwnhvFXuSBubky8yccM6PMMrucAGruwFXD6zprpBqDf68nnvJHl0/bb <br> HjDwDJN/PZIYJZ71xU38qP+suVCdVi+qaDf3la4S22eTPGflUxCAKw4mVZgwRLjL <br> WO9v9LxkYF3MhkkjAgMBAAGjUDBOMB0GA1UdDgQWBBQKjW40pKMaFzjxX5PQ91j9 <br> cK/HqjAfBgNVHSMEGDAWgBQKjW40pKMaFzjxX5PQ91j9cK/HqjAMBgNVHRMEBTAD <br> AQH/MA0GCSqGSIb3DQEBDQUAA4GBADQz5iti5Qgyd8tA40t8EPHn/kBUdYcm/FvO <br> Y2JBid1Jo1cpm0weypcqhBBIGadbip2Ozkl1cHQACoMtalb3GGVreStCZAKC0uhy <br> aF4iMjKrIPcouIxLCDpfjNPHmFFDUNzKPJyiEC6xr8mG4QdLQaQP9neQl9pIMYYV <br> R7J45FJ+ <br> -----END CERTIFICATE-----
Adding user-accounts
The SAML integration is only for Single-Sign-On, so no users get automatically populated into Small Improvements. So, you still need to add user-accounts to Small Improvements via Settings -> Company Directory or import them from an Excel worksheet.
Note: A user needs to be created in Small Improvements before he/she can log in.
Adjusting the welcome email
We recommend adjusting your email notification templates to avoid confusion.
Whenever you invite staff into Small Improvements, they receive an email about their account. This email also explains how to define their new password. But since they will use your SSO provider’s password instead, that email template should be changed.
Click Settings > Emails, then expand the Users & Administration section. Adjust the text in the “Welcome email with password setting instructions” template to remove the note about setting a password in Small Improvements. You can edit the other email templates to direct your employees to your SSO sign-on.
