Guide: Admins Getting Started Part 04 - Configuring Single Sign-On (SSO) for SimplyMerit

This guide explains how HR Administrators work with their IT teams and SimplyMerit Support to configure Single Sign-On (SSO) access using SAML.

Overview of SimplyMerit SSO Support

SimplyMerit supports SAML-based Single Sign-On (SSO).

At this time:

• SimplyMerit does not provide an XML metadata file

• SimplyMerit is not listed in SSO marketplaces (e.g., Azure Gallery)

• Manual configuration is required

Marketplace integrations and metadata-based setup are planned for the future.

Identity Providers Commonly Used with SimplyMerit

SimplyMerit has successfully implemented SAML SSO integrations with providers such as:

• Microsoft Azure / Entra ID

• OneLogin

• Okta

Other SAML-compliant identity providers may also be supported.

SimplyMerit SAML Configuration Details

Provide the following information to your IT team when setting up the SSO connection:

• Identifier (Entity ID)
  https://app.simplymerit.com:443/saml/metadata

• Reply URL (ACS / Consumer URL)
  https://app.simplymerit.com:443/saml/consume

SimplyMerit supports both:

• SHA-1

• SHA-256 (SHA-2)
  certificate signatures.

Information Required From Your IT Team

Your IT team will need to provide the following to SimplyMerit Support:

• Identity Provider (IdP) Entity ID

• Single Sign-On (SSO) URL

• X.509 Certificate thumbprint

• Confirmation of the hashing algorithm used (SHA-1 or SHA-256)

This information is required to complete the SAML trust relationship.

Required Security and Access Considerations

Before testing SSO, your IT team must:

• Assign users to the SimplyMerit SSO application

• Update any required security groups or access policies

• Ensure users attempting SSO are permitted by IdP rules

If a user is not granted access on the IdP side, SSO will fail even if SimplyMerit is configured correctly.

SSO Configuration Process

SSO setup follows this process:

1. Schedule a configuration meeting using the SimplyMerit Support calendar
   Required attendees:

   • Someone from your IT team who can configure SSO and security permissions

   • An HR Administrator for SimplyMerit (to test access)

   • SimplyMerit Support

2. Exchange SAML configuration details
   SimplyMerit Support works directly with your IT team to exchange identifiers, URLs, and certificate information.

3. Enable SSO in SimplyMerit
   SimplyMerit Support enables SSO on your account once configuration is complete.

4. HR Admin tests SSO login
   The HR Admin confirms successful login using SSO credentials.

Managing Access on the SimplyMerit Side

HR Administrators retain control over user access within SimplyMerit, even when SSO is enabled.

Admin-level controls include:

• Enabling or disabling invitation-based login

• Locking or unlocking user accounts

• Controlling whether users may authenticate outside of SSO (if allowed)

These controls allow HR to manage access independently of IT when needed.

Summary

SimplyMerit supports SAML-based SSO through manual configuration with your IT team.
Successful setup requires coordination between HR, IT, and SimplyMerit Support, along with proper security group assignment on the identity provider side.

Once enabled, SSO simplifies user access while allowing HR Admins to maintain control within SimplyMerit.

→ Next : Admins Getting Started Part 5 - Login, Passwords, and Locked Accounts