Single Sign-On allows access to SimpleTrials by authorized users without submitting their email and password via the login page. This requires the user to be authenticated via a supported “identity provider”. Use of Microsoft Entra (formerly Microsoft Azure Active Directory) as the identity provider is required, as Microsoft is the only identity provider supported initially. Any version of the Microsoft identity provider service which supports OAuth 2.0 should be compatible with SimpleTrials SSO.
To enable and use SSO:
Prerequisites:
- Use of Microsoft Entra or similar Microsoft identity provider service which supports OAuth 2.0.
- We highly recommend you work with your internal IT help desk to ensure SSO is set up in your Microsoft tenant, and to oversee the initial SSO login to SimpleTrials.
- The SimpleTrials support team is not able to advise clients on setup of the Microsoft identity provider service. That involves data security decisions that must be made by the client.
- For a user to log in to SimpleTrials via SSO:
  - They must have an activated account in SimpleTrials.
    - Note that when activating their SimpleTrials account for the first time, the user will be required to set a password. That SimpleTrials password will not be required for login when SSO is utilized. Their SimpleTrials password may be used as an alternative method of login, via normal email/password login to SimpleTrials.
    - Also, if using Electronic Signatures in SimpleTrials (e.g. submitting or approving electronic visit reports), users will still be required to provide their SimpleTrials email and password. SSO does not currently apply to electronic signatures within the application.
    - Note that provisioning accounts via your Identity Provider is not currently supported.
  - The email address used in the Microsoft identity provider service must match the SimpleTrials email address.
- A SimpleTrials Admin user must have the ability to “grant permissions” to SimpleTrials, as a service provider, within your identity provider configuration. This is required for SSO in order for the service provider and identity provider to share the authentication credentials.
Step 1: Enable SSO in SimpleTrials
An Admin must enable SSO in the Security Settings section of the Admin > Subscription and Settings view.
Step 2: Perform the first SSO Login
Per the prerequisite above, a SimpleTrials user (preferably the user who just enabled SSO in SimpleTrials) will now perform the first login, which will require them to grant permissions to SimpleTrials. Log out of your current SimpleTrials session, and then click “Sign in with Microsoft”. The first attempt to use SSO with your Microsoft identity provider service will require you to accept permissions. If you are not shown this web page to grant permissions, then it has likely already been done.
Step 3: You may be prompted by Microsoft to choose an account.
Microsoft allows users to have multiple accounts which are logged in concurrently. If you are logged into multiple accounts, you may be prompted by Microsoft to choose the account for SSO. In this case, you must choose the Microsoft account with the email address that matches your SimpleTrials account.
Step 4: You may be prompted to choose a SimpleTrials workspace.
If you have access to multiple SimpleTrials client workspaces (e.g. contract CRA) then SimpleTrials may ask you to choose which client workspace you wish to log in to.
Step 5: You are authenticated to SimpleTrials
You should be redirected to the Home / Study Chooser page, just like a normal login. If you used a specific link (e.g. from an alert) to access SimpleTrials, you may be redirected directly to that view and/or record.
Additional Notes:
- Enabling SSO will allow all SimpleTrials users who are also Microsoft users within your Microsoft tenant to utilize the SSO login.
- There is not an ability to grant SSO login capabilities to specific users.
- If your SimpleTrials workspace includes users who are external to your organization (e.g. a CRO client who has created accounts for Sponsor users), and you have SSO enabled, those external users will be able to use SSO, but via their own Microsoft tenant as identity provider.
- Once SSO is enabled in SimpleTrials, users will have the option to login via email + password, or via SSO. It is not currently possible to disable the email + password login (e.g. if you wish to enforce SSO only).
- To de-provision a user, we recommend that a SimpleTrials Administrator utilize the User Management features in SimpleTrials to "deactivate" the user account. De-provisioning of users via the identity provider is not currently supported.
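An added example, not part of SimpleTrials documentation or tooling: because de-provisioning through the identity provider is not supported and email + password login stays available, a periodic reconciliation of identity provider accounts against active SimpleTrials accounts shows which users still need to be deactivated in User Management. The CSV column names, the sample rows and the `load` / `reconcile` helpers are assumptions constructed for illustration; adapt them to whatever user lists you have available.

```python
import csv
import io

# Constructed sample data. Column names are assumptions, not a real export format.
IDP_USERS = """mail,accountEnabled
alice@example.com,true
Bob@Example.com,false
carol@example.com,true
"""
APP_USERS = """email,status
alice@example.com,Active
bob@example.com,Active
carol@example.com,Deactivated
erin@example.com,Active
dave@partner.example,Active
"""

def norm(email):
    # Assumption: addresses are compared case-insensitively after trimming.
    return email.strip().lower()

def load(text, key, flag, truthy):
    """Return {normalized email: bool} from CSV text."""
    rows = csv.DictReader(io.StringIO(text))
    return {norm(r[key]): r[flag].strip().lower() == truthy for r in rows}

def reconcile(idp, app, tenant_domains):
    """Classify active application accounts that need an administrator's review."""
    out = {"disabled_in_idp": [], "missing_from_idp": [], "external": []}
    for email, active in sorted(app.items()):
        if not active:
            continue  # already deactivated in the application
        if email.rsplit("@", 1)[-1] not in tenant_domains:
            out["external"].append(email)  # signs in via another tenant or password
        elif email not in idp:
            out["missing_from_idp"].append(email)
        elif not idp[email]:
            out["disabled_in_idp"].append(email)  # password login still works
    return out

def run_sample():
    idp = load(IDP_USERS, "mail", "accountEnabled", "true")
    app = load(APP_USERS, "email", "status", "active")
    return reconcile(idp, app, {"example.com"})

if __name__ == "__main__":
    for category, emails in run_sample().items():
        print(category, emails)
```

Accounts listed under `disabled_in_idp` or `missing_from_idp` are the ones to deactivate in SimpleTrials; `external` accounts belong to another organization's tenant and need review with that organization.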