The short answer is yes, Survalyzer supports Single sign-on.
To integrate Survalyzer with a corporate identity provider, the following requirements must be fulfilled:
- The identity provider must be available through the Internet
- The identity provider must support SAML 2.0
- Single Sign-On must be enabled in the Survalyzer account
- The certificate to validate the SAML token is provided
How Single Sign-On works:
When a user navigates to the Survalyzer admin application while SSO is turned on, the application starts a so-called Service-Provider initiated sign-on. The user is immediately redirected to the identity provider. The identity provider already knows the user from the computer login and issues a SAML token. The SAML token is returned to Survalyzer. The only requirement for the SAML token is that it contains the user's email.
The SAML token is validated against the given certificate to ensure the identity of the issuer. If the SAML token is valid, the email claim is extracted and compared against Survalyzer's user database.
Regardless of whether Single Sign-On is used, users must be provisioned in Survalyzer. Automatic provisioning through the identity provider is currently not supported. If the given user is found, the login is successful and the user can enter the application.
Schematic overview of the SSO process:
Setting up the trust relationship is sometimes a bit tricky. Because the redirect URL contains the SAMLRequest, the information it carries can be decoded with an excellent tool, which can be found here: https://idp.ssocircle.com/sso/toolbox/samlDecode.jsp
With the decoded request, identifier and URL mismatches between the identity provider and the service provider can be found easily.
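The same decoding can be done locally. The following Python sketch is an added example, not Survalyzer's code: it inflates the SAMLRequest parameter of a redirect URL (SAML 2.0 HTTP-Redirect binding: Base64 over raw DEFLATE) and compares the identifier and URLs it carries with what is registered at the identity provider. The function names, hosts and sample request are constructed placeholders.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

MAX_XML = 64 * 1024  # cap on inflated size; an AuthnRequest is a few hundred bytes

def decode_saml_request(redirect_url):
    """Return issuer, ACS URL and destination from a redirect-binding SAMLRequest."""
    value = parse_qs(urlparse(redirect_url).query)["SAMLRequest"][0]
    inflater = zlib.decompressobj(-15)  # redirect binding uses raw DEFLATE
    xml = inflater.decompress(base64.b64decode(value), MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("SAMLRequest inflates beyond size cap")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD not allowed in SAML messages")
    root = ET.fromstring(xml)
    issuer = root.find("{urn:oasis:names:tc:SAML:2.0:assertion}Issuer")
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "destination": root.get("Destination"),
    }

def find_mismatches(decoded, idp_config):
    """Map each differing field to (value in request, value registered at the IdP)."""
    return {k: (decoded.get(k), v) for k, v in idp_config.items() if decoded.get(k) != v}

def sample_redirect_url():
    """Constructed AuthnRequest with placeholder hosts, encoded as a browser would see it."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
        'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        'Destination="https://idp.example.org/sso" '
        'AssertionConsumerServiceURL="https://sp.example.com/saml/acs">'
        '<saml:Issuer>https://sp.example.com/saml</saml:Issuer></samlp:AuthnRequest>'
    ).encode()
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = deflater.compress(xml) + deflater.flush()
    return "https://idp.example.org/sso?" + urlencode({"SAMLRequest": base64.b64encode(packed).decode()})

if __name__ == "__main__":
    decoded = decode_saml_request(sample_redirect_url())
    # Constructed IdP registration: identifier carries a trailing slash the SP does not send
    idp_config = {"issuer": "https://sp.example.com/saml/", "acs_url": "https://sp.example.com/saml/acs"}
    print(decoded)
    print(find_mismatches(decoded, idp_config))
```

Identifiers are compared as exact strings, so a trailing slash or an http/https difference shows up as a mismatch.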
Single Sign-On is not contained in the standard licenses and must be purchased separately. After purchasing this feature, a timeline is agreed, since both parties need to set up parts of the solution.
If you’re interested in an SSO solution, don’t hesitate to contact us.