What is SAML?

Security Assertion Markup Language (SAML, pronounced SAM-el) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

In plain terms, SAML SSO (Single Sign-On) lets your users log in to Sonderplan (the service provider) with third-party identity providers, such as Google Workspace, Okta, Azure Active Directory and OneLogin.

SAML SSO is available to all of our customers, and we recommend implementing it to boost your company's security posture.

SAML reduces friction, allowing your users to access Sonderplan with their existing company-controlled user account.

Implementing SAML also benefits your business's IT administrators, with less admin overhead and improved security from centralising user accounts. SAML isn't just for large enterprises; it's recommended for any business already running a central user directory such as Google Workspace.

Enabling SAML SSO

To enable SAML SSO, go to Admin -> System Settings, expand the SAML Sign On (SSO) Settings accordion, and then change the Enable SAML SSO option to Enabled.

Identity Provider Details

These settings are supplied by your Identity Provider, e.g. Google Workspace or Microsoft Azure Active Directory. Copy and paste them into the relevant fields, and refer to the guides further down for how to configure SAML within your Identity Provider.

Identity Provider Name

This field will be displayed on the SSO sign in button on the login screen.

IDP Entity ID / Issuer URL

The Identity Provider's Issuer Entity ID, often a URL, e.g. http://okta.com/Eksj7Hhsk24klljsd

IDP Login URL / SSO Endpoint

The URL that Sonderplan will call to request a user login from the Identity Provider.

IDP Logout URL / SLO Endpoint

The URL that Sonderplan will call to request a user logout from the Identity Provider.

IDP X.509 Certificate

The authentication certificate issued by your Identity Provider.

Configuration Guides

These guides cover the most common identity providers that our customers use. If you're running into issues or need help configuring a different provider, please reach out to our support team.

Google Workspace

To configure Sonderplan SAML SSO with Google Workspace, please expand and follow the instructions in each section:

Microsoft Entra

To configure Sonderplan SAML SSO with Microsoft Entra, please expand and follow the instructions in each section:

Okta

To configure Sonderplan SAML SSO with Okta, please expand and follow the instructions in each section:

Configure Users for SSO

Once you’ve correctly configured SAML, you’ll need to enable SAML SSO Login for each of your users in Admin -> Users & Groups -> User Editor -> SAML SSO Login.

To prevent accidental account lockouts due to potential misconfiguration or Identity Provider outages, we recommend maintaining at least one Super Administrator account configured with the Standard Login method.