How to access the partner portal using your company's identity provider
What is Federated Access and SAML?
Federated access refers to a single sign-on (SSO) mechanism that allows users to access multiple systems with a single set of credentials. SAML is a widely used XML-based standard for exchanging authentication and authorization data between parties, in particular, between an identity provider (IdP) and a service provider (SP).
Benefits of Federated Access with SAML:
- Simplified User Experience: Federated access eliminates the need for users to remember multiple sets of credentials, providing a seamless and user-friendly experience.
- Enhanced Security: SAML assertions are cryptographically signed, so the service provider can verify that authentication data came from the trusted IdP and was not altered in transit. This reduces the risk of unauthorized access and protects sensitive information.
- Centralized Authentication: With federated access, authentication is centralized through an identity provider. This centralization streamlines user management processes and allows for consistent access control policies.
Setting Up Federated Access via SAML
The following steps summarise the data exchange and process to onboard a third-party Identity Provider.
Simfuni will provide you with a custom subdomain which you will need to use for accessing the partner portal, for example https://your-business-name.simfuni.com.
- Choose an Identity Provider (IdP): Select a reliable identity provider that supports SAML. Popular IdPs include Okta, OneLogin, and Microsoft Azure Active Directory (Entra ID).
- Configure IdP Settings: Configure the necessary settings on your chosen IdP, such as creating a new application for the Simfuni partner portal. Simfuni will provide you with the identifier (entity ID) and reply URL (assertion consumer service URL) parameters required to configure your application. Obtain the metadata.xml file provided by the IdP, which will be used during the service provider configuration.
- Service Provider (SP) Configuration: Simfuni will import your IdP metadata.xml during the provisioning of your partner account. This step, in conjunction with a certificate exchange, forms a trust relationship between Simfuni and your IdP.
- Attribute Mapping: Define the mapping of attributes between the IdP and SP. This ensures that user information is correctly transferred during the authentication process. You will need to provide attribute mappings for email address and display name.
- Testing and Validation: Perform thorough testing to ensure the successful exchange of SAML assertions between the IdP and SP. Verify that users can log in seamlessly using federated access.
Identity Provider (IdP) Checklist:
- IdP Metadata:
  - Provide the metadata URL or XML file containing IdP information.
- Attribute Statements:
  - Define the attributes to be included in SAML assertions (email address and display name).
  - Specify the format and mapping of these attributes.
- Certificate Information:
  - Share the public certificate used by your IdP to sign SAML assertions.
  - Confirm the validity period of the certificate.
User Provisioning
Please contact Simfuni for any user provisioning requests using support@simfuni.com.
User Provisioning Request Checklist:
- Name
- Email address
- Admin / non-admin (you will need to assign one or more users administrative permissions)
Once provisioned, the user will receive a welcome email which includes a link to log in to the partner portal.
Assigning Permissions
With federated access, user permissions are still assigned and managed within the Simfuni platform.
Refer to User Permission Management.
User Offboarding
User offboarding is managed using your IdP. Once a user has been offboarded in the IdP, they will no longer be able to log in to the partner portal.
Additional Access Controls
It is common practice to impose additional security controls when authenticating access to SaaS platforms.
When authentication is federated, these additional responsibilities are fully delegated to the IdP.
Simfuni recommends that the following conditional access controls be implemented in the IdP:
- MFA (email, SMS, or app based)
- Device compliance checks
- Geographic restrictions (block high risk locations)
Simfuni can provide more advice on a case-by-case basis.