/ /

App Management: Security/SSO

Updated 5 months ago

To get to the Security menu, head to Application settings > Application > Security.Security menu.gif

External IdP (SSO)

This is where app managers will go to set up their company's SSO with Simpplr. If you're using an external (3rd party) SSO vendor, you will choose the applicable vendor from the list.
image (64).png

Login type

This is where you select whether or not users are required to use SSO to log in, or if they can set up a separate set of credentials related only to Simpplr.

Provisioning

Here you can choose whether or not users will be self-provisioned to Simpplr when logging in via SSO for the first time.

Simpplr IdP (Non-SSO)

This section allows App managers to set up user logins via Simpplr itself. If your company does not use an SSO, this is where you'll set up user credentials and login methods. 


AWS

Login identifiers

At least one field that will also be provisioned/synced for users must be chosen here as a login identifier. This can be email, mobile phone number or an alternate identifier; Employee number (recommended) or a custom field created in Provision & sync users.

Account verification questions

All non-SSO users must complete account verification questions in order to log in to Simpplr. You must select at least one field to verify alternate login users during account setup. While initially hidden, selected fields will honor display settings in Provision & sync users after a user has activated their account. 

You can choose from the list of questions in the dropdown. Up to three questions can be added for verification.

 

Note:

First-time users will authenticate themselves with a one-time verification code if they use email/mobile as their login identifier and with account verification questions if they use their employee number. Existing users will continue to log in directly with their passwords without any extra authentication.

Password policy

This is where app managers can set the required parameters for users' passwords.
aws_password_policy.png

Work with your IT and security teams to figure out typical password requirements for your org's other applications. You can set the password settings the same here. If your company uses an SSO, the password requirements for that system will overwrite any requirements you set here, and this section will not apply. 

Session timeout

Here you can set the maximum amount of time any given user can be inactive while logged in for before Simpplr logs them out for security reasons. Then you can input an optional redirect url for when they are logged out. Note that the maximum session time before logging out is 24 hours, and that this only applies to the web app (mobile app is excluded from this rule).

If your org uses an SSO and has a timeout session setting in place already with that system, that will not carry over to Simpplr. You'll need to configure your timeout settings for Simpplr here, not your SSO. 

Whitelist setting

Here you can input an IP range to whitelist for access to Simpplr. You can then choose from the dropdown the hours you'd like the setting to be in effect. For example, say you want to allow users access to Simpplr only during work hours. You would configure those times here. Or you can choose Allow all hours to allow access any time. Whitelist time is applied for the timezone set in each user's Simpplr profile.

Work with your IT team to get the IP range you'll need to input here.
AWS_WHITELIST_IP_RANGES.png

 

 

Was this article helpful?
Subscribe to receive updates on this article