Skip to Content
SSO/SAML Enterprise

Single Sign-On (SSO) Setup

Configure Single Sign-On with your identity provider for secure, centralized authentication.

Overview

Simplistica supports SAML-based Single Sign-On (SSO) integration with major identity providers, allowing your team to sign in using your existing authentication system.

Enterprise Feature: SSO is available for enterprise customers only. Contact sales to enable this feature.

Note: SSO handles authentication only. For automatic user provisioning, group management, and role assignment, you’ll need to set up SCIM separately. See our SCIM documentation for user management features.

Supported Identity Providers

🔐 Google Workspace

SAML 2.0

Full SAML support

Domain Verification

Secure authentication

Single Sign-On

Seamless login experience

🔐 Microsoft Azure AD

SAML 2.0

Full SAML support

Domain Verification

Secure authentication

Single Sign-On

Seamless login experience

🔐 Okta

SAML 2.0

Full SAML support

Domain Verification

Secure authentication

Single Sign-On

Seamless login experience

🔐 Other SAML Providers

SAML 2.0

Standard SAML support

Domain Verification

Secure authentication

Single Sign-On

Seamless login experience

How SSO Works

Authentication Flow

1. User Access

  • User visits Simplistica and clicks “Sign in with SSO”
  • User is redirected to their identity provider (IdP)

2. Identity Verification

  • User authenticates with their IdP credentials
  • IdP verifies the user’s identity and domain

3. Secure Login

  • IdP sends a secure SAML response to Simplistica
  • User is automatically signed in if their email domain matches

4. Access Granted

  • User gains access to Simplistica with their existing account
  • No new user account is created

Important: SSO only works for users who already have accounts in Simplistica. Users must be manually invited or created before they can use SSO to sign in. For automatic user provisioning, see our SCIM documentation.

Setup Instructions

Google Workspace Configuration

1. Create the SAML application

Go to AppsWeb and mobile apps in your Google Workspace Admin Console and click + Add custom SAML app. Name it Simplistica and click Continue.

In the service provider details, enter:

  • ACS URL: https://api.simplistica.co/auth/v1/sso/saml/acs
  • Entity ID: https://api.simplistica.co/auth/v1/sso/saml/metadata

2. Configure basic attribute mapping

In the Attribute mapping section, add these mappings:

  • Primary email: user.primaryEmail
  • First name: user.name.givenName
  • Last name: user.name.familyName

Click Finish, then download the metadata XML file from the app settings.

3. Complete the setup in Simplistica

Go to SettingsSSO in Simplistica. Enter your company domain and upload the SAML metadata XML file you downloaded.

Click Test Connection to verify everything works, then Save Configuration.

Microsoft Azure AD Configuration

1. Create an enterprise application

Go to Azure Active DirectoryEnterprise applications in your Azure Portal and click + New application.

Select Create your own application, name it Simplistica, and choose Integrate any other application you don’t find in the gallery.

2. Configure SAML settings

In your Simplistica app, go to Single sign-on and select SAML as the sign-on method. Click Edit in the Basic SAML Configuration section.

Enter these settings:

  • Identifier (Entity ID): https://api.simplistica.co/auth/v1/sso/saml/metadata
  • Reply URL: https://api.simplistica.co/auth/v1/sso/saml/acs

3. Configure user attributes

Go to Single sign-onUser Attributes & Claims and click Edit on the default claim.

Add these claims:

  • Name: Email, Source attribute: user.mail
  • Name: FirstName, Source attribute: user.givenname
  • Name: LastName, Source attribute: user.surname

4. Download the SAML metadata

Go back to Single sign-on in your Simplistica app and scroll to SAML Signing Certificate. Click Download next to “Federation Metadata XML” and save the file.

5. Complete the setup in Simplistica

Go to SettingsSSO in Simplistica. Enter your company domain and upload the SAML metadata XML file you downloaded.

Click Test Connection to verify everything works, then Save Configuration.

Okta Configuration

1. Create the SAML application

Go to ApplicationsApplications in your Okta Admin Console and click + Create App Integration.

Select SAML 2.0 and click Next. Name it Simplistica and click Next.

2. Configure SAML settings

In the SAML Settings section, enter:

  • Single sign on URL: https://api.simplistica.co/auth/v1/sso/saml/acs
  • Audience URI (SP Entity ID): https://api.simplistica.co/auth/v1/sso/saml/metadata
  • Name ID format: EmailAddress

3. Configure attribute mapping

In the Attribute Statements section, add these mappings:

  • Name: email, Value: user.email
  • Name: firstName, Value: user.firstName
  • Name: lastName, Value: user.lastName

4. Assign users and download metadata

Go to Assignments and assign users or groups to the application.

Go to Sign On and click View Setup Instructions. Download the metadata XML file.

5. Complete the setup in Simplistica

Go to SettingsSSO in Simplistica. Enter your company domain and upload the SAML metadata XML file you downloaded.

Click Test Connection to verify everything works, then Save Configuration.

Simplistica SSO Setup

Simplistica SSO Setup

1. Access SSO Settings

  • Go to Settings in Simplistica
  • Click on SSO in the sidebar
  • Ensure you have enterprise access

2. Enter Domain

  • Enter your company domain (e.g., company.com)
  • This domain will be used to match SSO users
  • Only users with emails from this domain can use SSO

3. Upload Metadata

  • Download the SAML metadata from your IdP
  • Upload the metadata file to Simplistica
  • Or provide the metadata URL if available

4. Test and Save

  • Click Test Connection to verify setup
  • If successful, click Save Configuration
  • Users can now sign in using SSO

SSO URLs

Use these URLs in your identity provider configuration:

Required URLs

Entity ID (SP Entity ID):

https://api.simplistica.co/auth/v1/sso/saml/metadata

Metadata URL:

https://api.simplistica.co/auth/v1/sso/saml/metadata

Assertion Consumer Service (ACS) URL:

https://api.simplistica.co/auth/v1/sso/saml/acs

Single Logout (SLO) URL:

https://api.simplistica.co/auth/v1/sso/slo

User Management Considerations

Important Notes

User Accounts Must Exist First

  • SSO only works for existing Simplistica users
  • Users must be invited or created before they can use SSO
  • SSO does not automatically create new user accounts

Domain Matching

  • Users’ email addresses must match the configured SSO domain
  • Only users from the configured domain can use SSO authentication

Manual User Management

  • User invitations, role assignments, and team management are handled separately
  • Use the Organization settings page to manage team members
  • Consider setting up SCIM for automatic user provisioning

Troubleshooting

Common Issues

“SSO is not configured for domain”

Ensure the user’s email domain matches the configured SSO domain exactly.

“Invalid SAML response”

Check that the SAML metadata is correctly uploaded and the URLs match your IdP configuration.

“User not found”

The user must already have an account in Simplistica. SSO only handles authentication, not user creation.

“Access denied”

Ensure the user has been invited to your team and has the appropriate permissions.

Pro Tip: For complete user lifecycle management, consider combining SSO with SCIM. SSO handles authentication, while SCIM handles user provisioning, deprovisioning, and group management.

Support: If you encounter issues with SSO setup, contact our support team with your IdP configuration details and error messages.

Last updated on
Import & Export
SCIM Enterprise