Articles on: Schools & enterprise plans

Set up Federation-based SAML Single Sign-On (SSO) for SimplyPrint

This guide is for SimplyPrint customers (Schools, Universities, Enterprises, Print Farms) who are members of a SAML federation such as InCommon, eduGAIN, or WAYF.

If you don’t use a federation and instead manage your own IdP, please see our other guides: Set up Single sign-on (SSO) for SimplyPrint

About SimplyPrint’s federation membership

SimplyPrint is a trusted member of eduGAIN through the Danish member of the federation, WAYF (Where Are You From).

WAYF membership info about eduGAIN
SimplyPrint federation metadata on WAYF
eduGAIN technical registry entry - search "SimplyPrint"
REFEDS Metadata Explorer Tool (MET)

Because eduGAIN connects national federations worldwide, this also makes SimplyPrint available in InCommon (world-wide, but often USA), WAYF (Denmark), and other connected federations.

This means you can integrate SimplyPrint with your organization’s IdP using only federation metadata exchange — no manual certificate copying or ACS/Entity ID setup is required.

Part 1: Exchange metadata

What you need from SimplyPrint

SimplyPrint’s federation metadata URL: https://simplyprint.io/saml/federation/metadata

Your federation or IdP may allow you to import this directly, or it can be validated in the eduGAIN registries above.

What we need from you

Your IdP Entity ID.
(Optional) Your Institution domain (schacHomeOrganization) if multiple institutions share the same IdP login (e.g., district-wide logins).

That’s it — once exchanged, federation ensures that SimplyPrint and your IdP trust each other.

Setup in SimplyPrint

Once your have your metadata URL / entity ID, go to the SimplyPrint web panel > Settings > Organization > Registration: https://simplyprint.io/panel/settings/organization#registration

Here, simply enable SAML SSO and enter your details - that's it!

Part 2: Attribute release requirements

We only require a minimal set of attributes. Our approach is privacy-friendly:

✅ Required

First name (urn:oid:2.5.4.42, givenName, gn, or equivalent)
Last name (urn:oid:2.5.4.4, sn, surname, or equivalent)

(Fallback: instead of first+last, you can release Full name — urn:oid:2.5.4.3, cn, displayName)

⚠️ Optional (recommended)

Email (urn:oid:0.9.2342.19200300.100.1.3, mail, email, or equivalent).

Optional — we work even without email, but it simplifies user management.

🔎 Organizational context (optional)

schacHomeOrganization (urn:oid:1.3.6.1.4.1.25178.1.2.9) – domain of your institution.
organizationName (urn:oid:2.5.4.10) – human-readable org name.

👥 Groups & roles (optional)

eduPersonAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.1)
eduPersonScopedAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.9)
eduPersonEntitlement (urn:oid:1.3.6.1.4.1.5923.1.1.1.7)
isMemberOf (urn:oid:1.3.6.1.4.1.5923.1.5.1.1)

These attributes can be mapped inside SimplyPrint to user groups, classes, or access rights, but they are not required for login.

Part 3: Multiple organizations using the same IdP

If your institution is part of a larger shared IdP (e.g., multiple schools in a district), you can specify the Institution domain in SimplyPrint’s SSO settings:

Field: schacHomeOrganization
Example: schooldistrict.k12.ca.us

This ensures SimplyPrint correctly maps logins to the right organization, even if the same Entity ID is used across multiple institutions.

Part 4: Testing the connection

Once metadata is exchanged and attributes are released:

Go to SimplyPrint login page.
Search for your organization or school in the dropdown.
Authenticate via your federation IdP.

If successful, you’ll land in SimplyPrint without needing a separate account.

Troubleshooting

If login doesn’t work, please check:

Are givenName and sn (or cn/name/displayName) being released? (Required)
Is your IdP sending attributes in a supported name/format (OID, friendlyName, or URI)?
If multiple orgs share your IdP, have you set the schacHomeOrganization field?
If email is not released, users may still log in, but functionality like account recovery will be limited.

If issues persist, contact your federation operator (WAYF, InCommon, or your national eduGAIN member) to ensure attributes are being released to SimplyPrint.

Done! 🎉

Your SimplyPrint organization is now connected via Federation SAML SSO. Thanks to eduGAIN, this integration is secure, standards-compliant, and privacy-respecting — requiring only minimal user data.

Resources:

Updated on: 19/09/2025

Was this article helpful?

Thank you!