Single Sign-On (SSO) Integration with SmallWorld
SmallWorld supports Single Sign-On (SSO), allowing your team members to access our platform using the same login credentials they use for other enterprise applications. This integration is powered by WorkOS, a trusted authentication platform that connects SmallWorld with your organization's identity provider.
What is Single Sign-On?
Single Sign-On is an authentication method that allows users to log in once through their organization's identity system — such as Okta, Microsoft Entra ID (Azure AD), or Google Workspace — and gain access to multiple applications without entering separate credentials for each one.
Think of it like a master key: instead of carrying a separate key for every door in your building, you have one credential that opens all the doors your organization has granted you access to.
Why Use SSO with SmallWorld?
For your IT and security teams:
- Centralized access control from your existing identity provider
- Simplified user provisioning and deprovisioning
- Enforcement of your organization's security policies (MFA, password requirements, etc.)
- Reduced risk of credential-related security incidents
For your end users:
- One less password to remember and manage
- Faster login experience
- Seamless access alongside other enterprise tools
For administrators:
- Easier onboarding when new team members join
- Immediate access revocation when someone leaves the organization
- Audit trail of authentication events through your identity provider
How It Works
When SSO is enabled for your organization, the login flow works as follows:
- A user navigates to SmallWorld and enters their work email address.
- SmallWorld recognizes the email domain is configured for SSO and redirects the user to your organization's identity provider (e.g., Okta, Azure AD).
- The user authenticates with their corporate credentials (and completes MFA if your organization requires it).
- Once authenticated, the identity provider sends a secure token back to SmallWorld confirming the user's identity.
- SmallWorld grants access, and the user lands in the application — fully logged in.
This entire process typically takes just a few seconds and feels seamless to end users.
Supported Identity Providers
Through our WorkOS integration, SmallWorld supports SSO with any identity provider that uses the SAML 2.0 or OpenID Connect (OIDC) protocols. Common providers include:
- Okta
- Microsoft Entra ID (formerly Azure Active Directory)
- Google Workspace
- OneLogin
- JumpCloud
- Ping Identity
- Auth0
- And many others
If your organization uses a different identity provider, please contact us as chances are we can support it.
Setting Up SSO for Your Organization
Prerequisites
Before beginning the SSO setup process, ensure you have:
- Administrative access to your organization's identity provider
- The ability to create new application integrations in your IdP
- Your SmallWorld account administrator credentials
Configuration Process
SmallWorld provides a self-service Admin Portal that guides your IT administrator through the SSO configuration process. The general steps are:
- Request SSO enablement — Contact your SmallWorld account representative or submit a request through our support portal to enable SSO for your organization.
- Access the Admin Portal — Once enabled, your designated IT administrator will receive access to the SmallWorld Admin Portal where SSO connections are configured.
- Configure your identity provider — Follow the step-by-step instructions in the Admin Portal to create a new application integration in your IdP. This involves exchanging metadata between SmallWorld and your identity provider.
- Verify domain ownership — Confirm that your organization owns the email domain(s) that will use SSO. This security step ensures only authorized domains are linked to your SSO connection.
- Test the connection — Use the test functionality in the Admin Portal to verify the SSO flow works correctly before rolling out to your team.
- Roll out to users — Once testing is successful, communicate the change to your team. Users with existing SmallWorld accounts will automatically be upgraded to SSO login.
Frequently Asked Questions
What happens to existing users when SSO is enabled?
Existing SmallWorld users with email addresses matching your SSO-enabled domain will automatically transition to SSO authentication. They'll use the same SmallWorld account and retain all their data — only the login method changes.
Can users still log in with a password after SSO is enabled?
This depends on your organization's configuration. Most organizations choose to require SSO for all users on their domain, but SmallWorld can accommodate mixed authentication scenarios if needed.
What happens if our identity provider experiences downtime?
If your identity provider is unavailable, users will not be able to authenticate until service is restored. This is consistent with how SSO works across all enterprise applications — your IdP is the central authentication authority.
How quickly can access be revoked when someone leaves?
When you deactivate a user in your identity provider, they immediately lose the ability to authenticate to SmallWorld. Any active sessions will end according to your configured session policies.
Getting Help
If you have questions about SSO configuration or encounter issues during setup, please contact [email protected]. For identity provider-specific questions, your internal IT team or IdP vendor support can assist with configuration on their side.