This article takes you through the steps you will need to take to login to your Semble account with SSO (Single Sign-On)
SSO (Single Sign-On) is an authentication process that allows users to access multiple applications or services with one set of login credentials. Enabling SSO on your practice's Semble account means that you will be able to log in using your SSO provider’s credentials.
SSO simplifies the user experience by eliminating the need to log in separately to each application, saving time and reducing the hassle of remembering multiple passwords. It integrates with various identity providers (IDPs) such as Okta, Azure AD, or Google.
Semble supports SSO integration using SAML 2.0 and OpenID Connect protocols.
In this article:
Linked Articles:
Login to Semble (Without SSO)
Enable SSO for Your Practice
To enable SSO for your practice, please reach out to accountmanagement@semble.io.
Note that currently this feature is not available for all practices.
How to login with SSO
Steps to use SSO with Semble:
Go to Semble Login Page and click on Log in with SSO.
If your practice uses SSO, enter the email address linked to your SSO provider and click Continue.
You will be redirected to your SSO provider’s portal (e.g., Okta). Log in with your SSO credentials.
Once logged in, you will be redirected back to Semble and successfully logged in.
Note:
- When logging in with SSO, you cannot change your user email on Semble. Any email address changes must be made through your SSO provider.
- As you do not log in with a password when using SSO, there is no option to change your password within Semble. All password management will need to be done through your SSO provider.
Troubleshooting
When enabling or using SSO with Semble, you may encounter certain errors. Below are some of the most common error messages and steps to troubleshoot them:
List of Errors:
"This SSO email is not linked to a Semble account"
Cause: This error means the email address you are using for SSO is verified with your Identity Provider (IdP), but it is not associated with a Semble account.
Solution: You will need to contact your administrator to create a user account for this email address in Semble
-png.png?width=500&height=266&name=image-20241115-125325%20(1)-png.png)
"User is not assigned to the client application."
Cause: This error occurs from your IdP (Identity Provider). It means the user's account is not added to the IdP, or the correct permissions are not granted.
Solution: Your administrator should ensure the user is properly assigned to the client application in your IdP
-png.png?width=500&height=256&name=image-20241115-115752%20(1)-png.png)
"Failed to connect to auth server"
Cause: This error indicates that Semble is unable to connect to the authentication server. It may be caused by incorrect configuration or a temporary server issue.
Solution: Check if the server is down or experiencing issues. Configuration issues are logged in Datadog.
-png.png?width=500&height=256&name=image-20241115-113932%20(1)-png.png)
"The SAML audience is invalid. Contact your account administrator."
Cause: This SAML error occurs when there is a mismatch between the audience in the IdP setup and the one Semble uses. The audience is the front-end URL used to access Semble, e.g., https://CLIENT_PREFIX-app.semble.io.
Solution: The administrator should update the SAML audience to match Semble’s value (e.g., https://CLIENT_PREFIX-app.semble.io).
-png.png?width=500&height=254&name=image-20241115-120805%20(1)-png.png)
"There is a server issue. Try again in a few minutes."
Cause: This error comes from your OIDC IdP, indicating that there is a temporary server issue on their side.
Solution: Wait for a few minutes and try logging in again. If the issue persists, contact your IdP for assistance.
-png.png?width=500&height=266&name=image-20241115-122357%20(1)-png.png)
"The service is temporarily unavailable. Try again later."
Cause: This error also originates from your OIDC IdP and indicates that the service is temporarily unavailable.
Solution: Wait for the issue to be resolved and try logging in again later.
-png.png?width=500&height=266&name=image-20241115-122515%20(1)-png.png)
"Authorisation issue. Contact your account administrator."
Cause: This error occurs from your OIDC IdP and typically happens when the SSO configuration is incorrect.
Solution: The administrator should review the SSO configuration or contact the IdP’s support team.
-png.png?width=500&height=266&name=image-20241115-122440%20(1)-png.png)
"Something went wrong."
Cause: This is a generic error that can occur for various reasons, including server issues.
Solution: If this error is persistent, clients should troubleshoot the issue with technical or customer support. Issues related to SAML can be logged in Datadog for further investigation.
-png.png?width=500&height=255&name=image-20241115-121112%20(1)-png.png)
For any questions or support, please contact support@semble.io.