If your organization currently uses an identity provider (IdP) to manage logins to the various systems used by your workers or customers, then applying single sign-on (SSO) authentication for surveys is a great fit for you. This will allow your employees to log in to their QuestionPro account with a single click, and while they are logged into your site, employees can answer SSO-enabled surveys with a single click. This is easier than forcing someone to remember many usernames and passwords for various vendor tools or having to apply additional layers of security settings to your surveys. A win-win for you and your security protocols!
Two birds, one SSO
- SAML SSO authentication – SSO using SAML authenticates the survey creator to access QuestionPro from a secure site.
- SSO take survey authentication – SSO survey authentication requires respondents to log into a secure site and then access a secure survey link.
What you need to get started with SSO – IdP URL
For the signed SSO connection, you will need the following three things:
- Entity ID – This is the globally-unique URL/string of your IdP entity. It’s similar to a mailing address that we, the service provider, use to contact your IdP.
- IdP login URL – This is the URL for logging in to your IdP. The Login URL is often very similar to the Entity ID URL. This is where we will send the SAML request.
- SSL certificate – This is the certificate file (.crt) for your IdP, which can be downloaded from your SSL issuer. We require base64-encoded files that include the begin and end tags.
If these items are unfamiliar to you, be sure to connect with your IT team to help you gather this information.
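If your IdP publishes a SAML 2.0 metadata file, all three items can be read from it. The following is an added example, not QuestionPro's or any IdP's own code: the function name `idp_settings`, the `idp.example.com` URLs and the placeholder certificate bytes are constructed for illustration, and preferring the HTTP-Redirect endpoint is an assumption of the example.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def idp_settings(metadata_xml):
    """Extract Entity ID, login URL and PEM certificate from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not IdP metadata (no EntityDescriptor/IDPSSODescriptor)")
    endpoints = idp.findall("md:SingleSignOnService", NS)
    if not endpoints:
        raise ValueError("no SingleSignOnService endpoint")
    # Assumption: prefer HTTP-Redirect, otherwise take the first endpoint listed.
    sso = next((e for e in endpoints if e.get("Binding") == REDIRECT), endpoints[0])
    login_url = sso.get("Location", "")
    if not login_url.startswith("https://"):
        raise ValueError("login URL must be HTTPS: %r" % login_url)
    # A KeyDescriptor without a 'use' attribute serves both signing and encryption.
    for kd in idp.findall("md:KeyDescriptor", NS):
        node = kd.find(".//ds:X509Certificate", NS)
        if kd.get("use", "signing") == "signing" and node is not None and node.text:
            b64 = "".join(node.text.split())
            break
    else:
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode(b64, validate=True)  # raises on non-base64 characters
    if der[:1] != b"\x30":  # sanity check only: outer DER SEQUENCE tag
        raise ValueError("certificate is not DER-encoded")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])
    return {"entity_id": root.get("entityID"), "login_url": login_url, "certificate_pem": pem}

# Constructed sample: placeholder bytes with a DER SEQUENCE header, not a real certificate.
SAMPLE_CERT = base64.b64encode(b"\x30\x82\x00\x64" + bytes(100)).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/saml/sso-post"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:SingleSignOnService Location="https://idp.example.com/saml/sso"
        Binding="{REDIRECT}"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

The returned `certificate_pem` value is the base64 body wrapped in the begin and end tags, which is the form the certificate field above asks for. Only parse metadata obtained from a source you trust, such as a file downloaded from your own IdP's admin console.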
How to make QuestionPro a service provider as part of this single sign-on (SSO)
Using the signed SAML SSO, we are the service provider (SP) putting in a request to authenticate each respondent. QuestionPro initiates the IdP sign-on request every time a person accesses the survey.
To enable SAML authentication, go to:
My Account » Global Settings » Select SSO Authentication
Select SAML (Signed) and add the following information:
- Configuration Type – Choose either metadata URL, metadata file, or manual settings and upload the file
- Issuer / Entity ID (required)
- Signing Certificate (required)
- Single Sign-On URL
- Logout URL (optional)
- Restrict SSO login (optional)
Restricting login sites
There is an option to add a “restricting to SSO only” feature, which will allow users to log in to QuestionPro via your organization’s website. They will not have the ability to log in to QuestionPro’s site. Once this is enabled, the SAML SSO authentication is complete.
If you want to apply SSO authentication to your survey, then go to Survey » Security Settings » and select “Your Organization Name” SAML as the last option in the list and save changes.
Can I pass through attribute statements or custom variables from my external tool to be used for data analysis via the SSO authentication URL?
The answer to that is a resounding yes! To pass variables such as addresses, email, customer number, etc., you must first set up your attribute statements in the platform from which you are getting the Entity ID, IdP login URL, and SSL certificate.
For example, we are using Okta to set up attribute statements (variables) that are pulled and automatically passed through the SSO authentication network.
This is where you would get the Entity ID, IdP login URL, and SSL certificate to add to your SSO setup in QuestionPro.
When the survey is completed by someone who is SSO authenticated, their attribute statements will be stored in the custom variable fields located in the raw data and can be used for advanced analysis.
To learn more about SAML SSO and how to set it up with your account, please contact our sales team and we’ll be happy to review your needs and provide the best solution for you.