Integrations•6 min read

Single Sign-On (SSO)

Let your team log in to SimpleStaff using your company's identity provider.

What is SSO?

Single Sign-On (SSO) allows employees to access SimpleStaff using their existing company credentials. Benefits include:

One password

No separate password to remember

Better security

Centralized access control

Instant deprovisioning

Remove access when employees leave

Compliance

Meet enterprise security requirements

Enterprise Only: SSO is available on Enterprise plans. Contact sales to upgrade.

Supported Identity Providers

Okta

SAML 2.0

Azure AD

SAML 2.0 / OIDC

Google Workspace

SAML 2.0

OneLogin

SAML 2.0

Don't see your provider? We support any SAML 2.0 compliant identity provider. Contact support for setup assistance.

Setting Up SSO

Get SimpleStaff SAML Details

Go to Settings → Security → SSO to find:

ACS URL: https://app.simplestaff.com/auth/saml/callback

Entity ID: https://app.simplestaff.com

SP Metadata: Download link available

Configure Your Identity Provider

Add SimpleStaff as a new SAML application in your IdP using the details above. Set the NameID to email address.

Enter IdP Details in SimpleStaff

From your IdP, get and enter these in SimpleStaff:

• SSO URL: Your IdP's login endpoint
• Entity ID: Your IdP's identifier
• Certificate: X.509 signing certificate

Test the Connection

Click "Test SSO" to verify the configuration works before enabling for all users.

Enable SSO

Toggle on "Enable SSO" and configure enforcement options.

Enforcement Options

Recommended

SSO Required

All users must log in through SSO. Email/password login is disabled.

SSO Optional

Users can choose to log in with SSO or email/password. Good for gradual rollout.

SSO Required with Exceptions

SSO is required, but specific admin accounts can use email/password as backup.

Attribute Mapping

SimpleStaff can sync user attributes from your IdP:

IdP Attribute	→	SimpleStaff Field
email	→	Email (required)
firstName / givenName	→	First Name
lastName / surname	→	Last Name
department	→	Department
title / jobTitle	→	Position

Troubleshooting

"Invalid SAML response" error

Check that:

ACS URL is exactly correct (no trailing slash)
NameID format is set to email
Certificate hasn't expired
Clock sync is within 5 minutes on your IdP server

User not found after SSO login

The user's email in your IdP must match their SimpleStaff email exactly. Either update the IdP email or SimpleStaff account to match.

Need to bypass SSO temporarily

Admin accounts can be excluded from SSO enforcement. Go to Settings → Security → SSO → Exceptions and add admin email addresses.

Enterprise Plans Roles & Permissions Audit Trail API Access

Need help setting up SSO?

Contact Support

Single Sign-On (SSO)

What is SSO?

One password

Better security

Instant deprovisioning

Compliance

Supported Identity Providers

Okta

Azure AD

Google Workspace

OneLogin

Setting Up SSO

Get SimpleStaff SAML Details

Configure Your Identity Provider

Enter IdP Details in SimpleStaff

Test the Connection

Enable SSO

Enforcement Options

SSO Required

SSO Optional

SSO Required with Exceptions

Attribute Mapping

Troubleshooting

Related Articles