SimpleAMS
EN English BG Български
Get started
setup integrations sso

SAML single sign-on with Okta, Azure AD or OneLogin

Let your staff sign into SimpleAMS with their corporate identity. SP-initiated flow, certificate trust, ACS URL paste-in.

May 27, 2026 6 min read SimpleAMS

SimpleAMS supports SP-initiated SAML 2.0: the user clicks "Sign in with SSO" on the login page, we redirect to your IdP, they authenticate, the IdP posts a signed assertion back to our ACS URL, we provision/sign-in.

The three things we need from your IdP

  • IdP Entity ID - a URL identifying your IdP.
  • IdP SSO URL - where we redirect for authentication.
  • IdP x509 certificate - the public certificate we verify assertions against (PEM format, with BEGIN/END headers).

The two things your IdP needs from us

SimpleAMS shows them on the SAML integration card:

  • SP Entity ID - https://yourtenant.simpleams.co.uk
  • ACS URL - https://yourtenant.simpleams.co.uk/auth/saml/acs

Okta walk-through

  1. In Okta admin, Applications → Create App Integration → SAML 2.0.
  2. App name: "SimpleAMS". Logo optional.
  3. SAML settings:
    • Single sign-on URL: paste our ACS URL.
    • Audience URI (SP Entity ID): paste our SP Entity ID.
    • Name ID format: EmailAddress.
    • Application username: Email.
  4. Click Next → Finish.
  5. From the app's Sign On tab, click View SAML setup instructions and copy the IdP values into SimpleAMS.

Azure AD / Entra ID

  1. Enterprise applications → New application → Create your own application → Integrate any other application.
  2. From Single sign-on, choose SAML.
  3. Edit Basic SAML Configuration, paste our SP Entity ID and ACS URL.
  4. From SAML Signing Certificate, download Certificate (Base64). Open in a text editor - the PEM block (with BEGIN/END) goes into SimpleAMS.
  5. From Set up SimpleAMS, copy the Login URL and Azure AD Identifier into SimpleAMS as IdP SSO URL and Entity ID.

OneLogin

  1. From the OneLogin admin, Applications → Add App → SAML Custom Connector (Advanced).
  2. Edit, set ACS URL and Audience to our values.
  3. From the SSO tab, copy SAML 2.0 Endpoint (HTTP), Issuer URL, and the X.509 cert into SimpleAMS.

Verify

On the SimpleAMS login page you'll see a new Sign in with SSO button. Click it - your IdP should challenge, you authenticate, you land back inside the workspace.

Common errors

  • "Invalid signature": your cert paste is missing the BEGIN/END headers or got line-wrapped weirdly. Paste again clean.
  • "User not found": SAML doesn't auto-provision in SimpleAMS - the user has to exist as staff with a matching email already. SCIM auto-provisioning is a separate integration, see SCIM setup.
  • "Audience mismatch": SP Entity ID at your IdP doesn't exactly match ours. Copy it again from the SimpleAMS integration card.
Share this article

Cookies on this site. We use strictly-necessary cookies to keep you signed in. With your permission we also use analytics and marketing cookies. You can change this any time. Cookie Policy.