Single sign on (SSO) setup

Simon supports Single Sign On (SSO) for all organizations. Simon supports any SAML-based Identity Provider (IdP), including Okta, One Login, or Microsoft Azure to serve as your identity provider, delegating access to the application based on rules you create in your central identity management solution.

Pro-Tip

SSO provides an additional layer of protection for your organization's user accounts. With application access granted through SAML there are no passwords for your organization's users for the application that can be compromised.

Configuration Procedure

Configuring SSO is a three part process:

1. Configure in Your Identity Provider

To configure in you identity provider, see both their documentation and also the following example sections. Some commonly used providers are:

2. Configure in Simon

Once the application is created in your identity provider, an admin user in Simon Data can fill in the necessary SSO fields:

  1. From your profile drop down, click Settings
  2. Under Security, click Authentication.
  3. Toggle Single-Sign On to on.

  1. Complete the Entity ID, Single Signon URL, Single Logout URL (optional), and 509 Certificate.
  2. Click Save.

The values to include in each field depend on your identity provider. Find your provider's section below for more specific details. If you don't see your provider listed and need assistance, contact your account manager.

3. Roll out

Simon Data allows for multiple authentication options, and optionally supports limiting authentication only to SSO users. Once SSO is working as expected, you can reach out to your client solutions manager to turn off password-based login.


Example Okta SAML Application Configuration

Review Okta's documentation also. Please note, identity provider documentation URLs can change.

Configure in Simon Data

FieldValue
Entity ID<http://www.okta.com/abcde12345>
Single Signon URL<https://YOUR-COMPANY.okta.com/app/companyname_appname/abcde12345/sso/saml>
Single Logout URL<https://YOUR-COMPANY.okta.com/app/companyname_appname/abcde12345/slo/saml>
X509 Certificate-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- (Paste with line returns, no '\n')

Configure in Okta

FieldValue
Single Sign On URLhttps://<organization-name>.simondata.com/saml/acs/
Recipient URLhttps://<organization-name>.simondata.com/saml/acs/
Destination URLhttps://<organization-name>.simondata.com/saml/acs/
Audience Restrictionhttps://<organization-name>.simondata.com/saml/metadata/ Note: the trailing/ is required.
Default Relay Statehttps://<organization-name>.simondata.com
Single Logout (optional)https://<organization-name>.simondata.com/saml/sls/
NameIDEmailAddress
Additional Attributes (optional)FirstName = user.firstName
LastName = user.lastName
Other Settings (defaults)Assertion: signed<br>Response: signed
Signature Algorithm: RSA_SHA256<br>Digest Algorithm: SHA256

Example Azure AD SAML Configuration

Review Microsoft's documentation also. Please note, identity provider documentation URLs can change.

Configure in Simon Data

FieldValue
Entity ID<https://sts.windows.net/4567abcd-1234/>
Single Signon URL<https://login.microsoftonline.com/44444-0000-9999-cccc-abcde1234/saml2>
Single Logout URL<https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0>
X509 Certificate-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- (Paste with line returns, no '\n')

Configure in Azure AD:

FieldValue
Identifier / Entityhttps://<organization-name>.simondata.com/saml/metadata/
Reply URLhttps://<organization-name>.simondata.com/saml/acs/
Signon URLhttps://<organization-name>.simondata.com/saml/sso/
Relay State (optional)https://<organization-name>.simondata.com/
Logout URL (optional)https://<organization-name>.simondata.com/saml/sls/
Name Identifier Valueuser.mail (typical)
Additional AttributesFirstName = user.givenname
LastName = user.surname

Example ADFS SAML 2.0 Configuration

We recommend reviewing the documentation for configuring a SAML application for your exact version of ADFS. You may find the screenshots of setup with other applications helpful, such as this one: Confluence ADFS SAML setup

Configure in Simon Data

FieldValue
Entity ID<http://adfs/><FEDERATION_SERVICE_ID>/trust
Single Signon URLhttps://<myadfsserver.com>/adfs/ls/
X509 Certificate-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- (Export with Base64 encoding. Paste with line returns, no '\n')

Configure in ADFS

XML Configuration: https://.simondata.com/saml/metadata/

ConfigurationValue
Relying party SAML 2.0 SSO Service URLhttps://<organization-name>.simondata.com/saml/acs/
Relying party trust identifierhttps://<organization-name>.simondata.com/saml/metadata/
Name IDemail address
Example Name Identifier Custom Rulec:\[Type == "\<http\://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress> "] => issue(Type = "<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier> ", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["<http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format> "] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");```

Example NameID Claim Rule: