
Single Sign-On (SSO) FAQs

Common questions about setting up and using Single Sign-On with Acorn.

What is Single Sign-On?

Single Sign-On (SSO) is a login method that lets you access multiple apps or systems with one set of credentials—usually the username and password you already use at work. Instead of signing in separately to each tool, SSO authenticates you once through your organization’s identity provider, then grants you access wherever you need to go. This makes logging in faster, more secure, and much easier to manage.

What SSO protocols does Acorn use?

Acorn supports SAML 2.0, OpenID Connect and OAuth 2.0 as standard protocols for enabling Single Sign-On (SSO) integrations. While SAML 2.0 is most commonly used for enterprise identity management, OAuth 2.0 can also be supported depending on your organisation’s preferred setup and use case.

Can I have a custom SSO connection to my Acorn site?

Yes. Acorn can support custom SSO configurations for customers, though typically at an additional charge. Please speak to the Acorn team and we can review the request and determine feasibility. Custom SSO setups are handled on a case-by-case basis depending on technical complexity and alignment with the platform.

What providers do we prefer to integrate with?

Acorn is compatible with all major Identity Providers such as Azure AD, Okta, Ping Identity, ADFS and Google. There’s no strict preference, but these are the most commonly supported. 

Does Acorn support Azure AD B2C?

No. Acorn no longer supports Azure AD B2C SSO configurations.

How long does it take to set up my SSO integration? (Testing environment vs. Production)

Integration time varies by customer readiness. A testing environment can typically be configured within 2 - 3 days after we receive the necessary configuration information. Production deployment depends on successful testing, but can follow quickly afterward if metadata and mappings are correctly configured.

Can new users be created through SSO?

Yes. Acorn supports Just-In-Time (JIT) provisioning, which means new users can be created in Acorn automatically when they log in for the first time through SSO. Please let our team know that you require JIT and it will be enabled during the configuration process.

Can existing users be updated through SSO?

Yes. Acorn supports user profile updates during login via SSO using mapped attributes such as first name, last name, and other custom attributes. However, email addresses and usernames cannot be updated via SSO once the user is created. This allows user data to stay aligned with your IdP while preserving unique identifiers within Acorn. 

What user data/attributes can be passed through SSO?

Acorn allows for up to 30 custom attributes to be passed from your IdP. Commonly mapped attributes include: 

  • User ID / Username (mandatory; email can be mapped to username too)
  • Email Address (mandatory) 
  • First Name (mandatory) 
  • Last Name (mandatory) 
  • Additional attributes can be added as required. 
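
The sketch below is an added example, not Acorn's code: it models the behaviour described in the last three answers (JIT creation on first login, profile updates on later logins, email and username fixed after creation, four mandatory attributes, at most 30 custom ones). The IdP attribute names, the mapping and the in-memory user store are assumptions, and "custom" is taken to mean any mapped field beyond the four mandatory ones.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MANDATORY = ("username", "email", "first_name", "last_name")
IMMUTABLE = ("username", "email")  # fixed once the user exists
MAX_CUSTOM = 30                    # custom-attribute limit from the FAQ

# Hypothetical mapping: IdP attribute name -> local profile field.
MAPPING = {"uid": "username", "mail": "email", "givenName": "first_name",
           "sn": "last_name", "department": "custom_department"}

def _attr(name, value):
    return ('<saml:Attribute Name="%s"><saml:AttributeValue>%s'
            '</saml:AttributeValue></saml:Attribute>' % (name, value))

# Constructed sample. Read attributes only from an assertion whose
# signature your SAML library has already validated.
SAMPLE = ('<saml:AttributeStatement xmlns:saml="%s">' % SAML
          + _attr("uid", "jdoe") + _attr("mail", "jdoe@example.com")
          + _attr("givenName", "Jo") + _attr("sn", "Doe")
          + _attr("department", "Finance") + "</saml:AttributeStatement>")

def mapped_attributes(xml_text, mapping=MAPPING):
    """Translate IdP attributes to profile fields and enforce the rules."""
    out = {}
    for attr in ET.fromstring(xml_text).iter("{%s}Attribute" % SAML):
        field = mapping.get(attr.get("Name"))
        value = attr.findtext("{%s}AttributeValue" % SAML)
        if field and value and value.strip():
            out[field] = value.strip()
    missing = [f for f in MANDATORY if f not in out]
    if missing:
        raise ValueError("missing mandatory attributes: " + ", ".join(missing))
    if sum(f not in MANDATORY for f in out) > MAX_CUSTOM:
        raise ValueError("more than %d custom attributes" % MAX_CUSTOM)
    return out

def login(users, attrs, jit_enabled):
    """Create on first login if JIT is on; otherwise update mutable fields."""
    user = users.get(attrs["username"])
    if user is None:
        if not jit_enabled:
            raise PermissionError("unknown user and JIT provisioning is off")
        users[attrs["username"]] = dict(attrs)
        return "created"
    user.update({k: v for k, v in attrs.items() if k not in IMMUTABLE})
    return "updated"
```

Because identifiers are never rewritten at login, a changed email or username at the IdP has to be reconciled outside the SSO flow.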

What does the SSO setup process generally look like from start to finish?

The integration process typically involves: 

  • Exchanging metadata files or URLs between the client and Acorn 
  • Mapping identity attributes 
  • Setting logic options, i.e. user creation or redirect preferences
  • Testing in a non-production environment 
  • Deploying SSO in production following successful testing

What testing options do I have? 

Acorn supports testing through a dedicated test environment, where you can validate your metadata, encryption settings, and attribute mappings before deploying to production.

Is a test configuration/environment required before production deployment?

While not mandatory, Acorn highly recommends testing in a non-production environment before final deployment. This ensures that all attribute mappings and login flows work as expected.

What is the preferred format for metadata, and what's the best way to provide this?

Acorn accepts both XML metadata files and metadata URLs. The preferred and easiest method is via a URL so that updates can be retrieved automatically.

Are URL Redirect options available?

Yes. Acorn supports automatic redirection to your corporate SSO sign-in page. This feature disables the standard Acorn login and ensures all users authenticate via your IdP.

Does Acorn recommend using POST or REDIRECT binding?

Acorn recommends POST binding for the SAML request to the IdP. 

Is SAML assertion encryption supported?

Yes. Acorn supports both encrypted and unencrypted SAML assertions. You should indicate your preference during setup.

What information do I need to provide to have SSO implemented with my Acorn site?

To configure SSO, you will need to provide: 

  • Your IdP's metadata file or URL (both test and production)
  • Encryption and binding preferences (POST or REDIRECT) 
  • Whether the SAML assertion is encrypted 
  • The SSO application/vendor name (e.g., Azure, Okta) 
  • The technical contact for SSO setup 
  • A list of mapped user attributes 
  • Whether user creation is allowed/required
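
Before handing over IdP metadata, it is worth checking that it says what you think it says. The following is an added example, not an Acorn tool: it parses a constructed metadata document and reports the entityID, the SingleSignOnService bindings on offer, and problems such as a missing HTTP-POST endpoint, a missing signing certificate or a non-HTTPS endpoint (the HTTPS check is an addition of this example, not a stated Acorn requirement).

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed IdP metadata: entityID, URLs and certificate are placeholders,
# and the POST endpoint is deliberately plain HTTP to trigger a finding.
SAMPLE = """<md:EntityDescriptor xmlns:md="%s"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="%s"
        Location="https://idp.example.com/sso/redirect"/>
    <md:SingleSignOnService Binding="%s"
        Location="http://idp.example.com/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % (MD, REDIRECT, POST)

def preflight(xml_text):
    """Summarise IdP metadata and list problems to fix before sharing it."""
    root = ET.fromstring(xml_text)
    idp = root.find("{%s}IDPSSODescriptor" % MD)
    if root.tag != "{%s}EntityDescriptor" % MD or idp is None:
        raise ValueError("not a SAML 2.0 IdP EntityDescriptor")
    sso = {e.get("Binding", ""): e.get("Location", "")
           for e in idp.findall("{%s}SingleSignOnService" % MD)}
    # A KeyDescriptor without a "use" attribute serves signing and encryption.
    uses = [k.get("use") for k in idp.findall("{%s}KeyDescriptor" % MD)]
    problems = []
    if POST not in sso:
        problems.append("no HTTP-POST SingleSignOnService endpoint")
    if not any(u in (None, "signing") for u in uses):
        problems.append("no signing certificate")
    problems += ["endpoint is not HTTPS: " + loc
                 for loc in sso.values() if not loc.startswith("https://")]
    return {"entity_id": root.get("entityID"),
            "bindings": sorted(sso), "problems": problems}
```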

What troubleshooting resources do I have access to from Acorn - e.g. Who can I contact if I have an issue with my SSO configuration?

You can contact the Acorn Support Team at support@acorn.works. Our dedicated support team consists of Technical Support team members who directly work on the Acorn platform.