1. Home
  2. Overige Resources
  3. FAQ
  4. Single Sign-On: Does Survalyzer support it?
  1. Home
  2. Administration
  3. Single Sign-On: Does Survalyzer support it?

Single Sign-On: Does Survalyzer support it?

The short answer is yes, Survalyzer supports Single sign-on.
To integrate Survalyzer with a corporate identity provider the following requiremens must be fulfilled:

  • The identity provider must be available through the Internet
  • The identity provider must support SAML 2.0
  • Single Sign-On must be enabled in the Survalyzer account
  • The certificate to validate the SAML token is provided

How Single Sign-On works:

By navigating to the Survalyzer admin application when SSO is turned on, the Application start a so-called Service-Provider initiated sign-on. The user is immediately redirected to the identity provider. The identity provider knows the user already from the computer login and issues a SAML token. The SAML token is returned to Survalyzer. The only requirement for the SAML token is, that it contains the users Email.

The SAML token is validated against the given certificate to ensure the identity of the issuer. If the SAML token is valid the Email claim is extracted and compared against Survalyzers user database.

Regardless if Single Sign-On is used or not the users must be provisioned in Survalyzer. Automatic provisioning through the identity provider is currently not supported. If a given user could be found the login is successful and the user can enter the application.

Schematic overview of the SSO process:

Relationship between User, Identity Provider and Service Provider.

Setting up the trust relationship is sometimes a bit tricky. Since the URL contains the SAMLRequest there is an excellent tool to decode the contained information. This tool can be found here: https://idp.ssocircle.com/sso/toolbox/samlDecode.jsp

Tool to decode the base64 SAML message

With this possibility identifier and URL mismatches could be found easily between the identity provider and the service provider.

Single Sign-On is not contained in the standard licenses and must be purchased separately. After purchasing this feature a timeline is agreed since both parties need to setup parts of the solution.

If you’re interested in a SSO solution don’t hesitate to contact us.

Updated on december 31, 2019

Was this article helpful?

Related Articles