Skip to main content
Single Sign-On overview
Updated over 6 months ago

Single Sign-on is a useful feature to increase security and user adoption of new tools. It means that your employees can auto-login to connected applications using their default company password, which is for instance stored in your LDAP or Active Directory system. While Small Improvements doesn’t integrate with LDAP or AD directly, it does provide SAML integration, which can be used with a variety of services

Subdomain Requirement

For this to work you will need a Small Improvements subdomain. Just let us know by contacting our team and we’ll have it up and running.

Vendors supported

Below is a list of supported vendors:

Our SAML configuration screen can be found by navigating to your Administration tab > Scrolling to the bottom of the screen where the integrations are located > Clicking into the button that says “SAML SSO”.

It contains some 5 configuration fields that are somewhat technical, but this makes them flexible enough to support a wide range of 3rd party solutions. You can roll out your own integration or use our own or vendor-provided documentation.

Certificate Example and Requirements

To ensure the correct setup, please review our certificate guidelines.

Required:

1. The following markers must be present `—–BEGIN CERTIFICATE—–` and `—–END CERTIFICATE—–`.
2. The markers are on separate lines

-----BEGIN CERTIFICATE----- <br> MIICojCCAgugAwIBAgIBADANBgkqhkiG9w0BAQ0FADBuMQswCQYDVQQGEwJ1czEW <br> MBQGA1UECAwNU2FuIEZyYW5jaXNjbzEbMBkGA1UECgwSU21hbGwgSW1wcm92ZW1l <br> bnRzMSowKAYDVQQDDCFleGFtcGxlMTIzLnNtYWxsLWltcHJvdmVtZW50cy5jb20w <br> HhcNMTcxMjA1MTcyODU3WhcNMTgxMjA1MTcyODU3WjBuMQswCQYDVQQGEwJ1czEW <br> MBQGA1UECAwNU2FuIEZyYW5jaXNjbzEbMBkGA1UECgwSU21hbGwgSW1wcm92ZW1l <br> bnRzMSowKAYDVQQDDCFleGFtcGxlMTIzLnNtYWxsLWltcHJvdmVtZW50cy5jb20w <br> gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMIcGGRD+LL21xZplZ5NB1XEXPth <br> CEszKjSAWLwnhvFXuSBubky8yccM6PMMrucAGruwFXD6zprpBqDf68nnvJHl0/bb <br> HjDwDJN/PZIYJZ71xU38qP+suVCdVi+qaDf3la4S22eTPGflUxCAKw4mVZgwRLjL <br> WO9v9LxkYF3MhkkjAgMBAAGjUDBOMB0GA1UdDgQWBBQKjW40pKMaFzjxX5PQ91j9 <br> cK/HqjAfBgNVHSMEGDAWgBQKjW40pKMaFzjxX5PQ91j9cK/HqjAMBgNVHRMEBTAD <br> AQH/MA0GCSqGSIb3DQEBDQUAA4GBADQz5iti5Qgyd8tA40t8EPHn/kBUdYcm/FvO <br> Y2JBid1Jo1cpm0weypcqhBBIGadbip2Ozkl1cHQACoMtalb3GGVreStCZAKC0uhy <br> aF4iMjKrIPcouIxLCDpfjNPHmFFDUNzKPJyiEC6xr8mG4QdLQaQP9neQl9pIMYYV <br> R7J45FJ+ <br> -----END CERTIFICATE-----

Adding user-accounts

The SAML integration is only for Single-Sign-On, so no users get automatically populated into Small Improvements. So, you still need to add user-accounts to Small Improvements via Settings -> Company Directory or import them from an Excel worksheet.

Note: A user needs to be created in Small Improvements before he/she can log in.

Adjusting the welcome email

We recommend adjusting your email notification templates to avoid confusion.

Whenever you invite staff into Small Improvements, they receive an email about their account. This email also explains how to define their new password. But since they will use your SSO provider’s password instead, that email template should be changed.

Click Settings > Emails, then expand the Users & Administration section. Adjust the text in the “Welcome email with password setting instructions” template to remove the note about setting a password in Small Improvements. You can edit the other email templates to direct your employees to your SSO sign-on.

Did this answer your question?