Setting up SAML authentication

What is SAML?

SAML stands for Security Assertion Markup Language.

It is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

SurveyAnalytics provides SAML based Single Sign-On (SSO) which allows users in your organization to use their corporate login credentials to log in to the SurveyAnalytics platform. Thus they don’t need to maintain a separate username and password for the SurveyAnalytics platform.

Note: QuestionPro supports IdP Initiated SSO.

How to set up SAML SSO for login authentication?

For enabling SAML authentication please go to:

My Account » Global Settings

Survey Software Help Image

Select SAML (Signed) under Login Authentication. There are three ways of setting up SSO:
  1. Metadata URL
  2. Metadata File
  3. Manual Settings

How can you set up SSO using Metadata URL?

The easiest way to configure SSO is to use a link to your identity provider's metadata file if they provide one. Simply select Metadata URL, enter the URL, and click Save. QuestionPro will download the configuration file, parse it, and configure everything.

Survey Software Help Image

How can you set up SSO using Metadata File?

Some identity providers require you to download the metadata file instead of giving you a link. In that case, select the Metadata File option, choose the file you downloaded from your identity provider, and click Save. This sends the file to QuestionPro, where it is parsed and the crucial information is extracted. It is important to note that QuestionPro does not save the metadata file. If you must make any configuration changes, you will need to upload the file again or make changes using the Manual Settings option.

Survey Software Help Image

How can you set up SSO using Manual Settings?

In order to manual set up the configuration, you will need to provide two things:

  1. Entity ID / User
  2. X509 Certificate

User Attributes

The SAML identity provider must be configured to provide only one attribute: emailAddress.

This attribute allows QuestionPro to properly identify the user and automatically provision access.

Can we restrict users to login via SSO only?

Yes, you can do that by enabling the Restrict login to SSO option

Survey Software Help Image

If Restrict login to SSO is disabled all users will be able to log in via both the IdP and QuestionPro

If the Restrict Login to SSO is enabled, any users that attempt to login directly via QuestionPro will not be able to and will see the following message: "This account is restricted to Single Sign-On only. Please contact your account admin for assistance."

What is Logout URL?

If you want the users to be redirected to a specific page once they logout from QuestionPro, you can use the Logout URL option.

Survey Software Help Image

Please note that this is a simple redirection and not Single Log-Out.

License & Access Options

This feature/tools described here are available with the following license(s) :

Enterprise Edition

Was this article helpful?
Sorry about that
How can we improve it?
Submit