HMAC-SHA1 is a type of SSO authentication that allows QuestionPro users to log in while they are already using the organization's internal systems.
HMAC, short for Hash-based Message Authentication Code, combines a cryptographic hash function with a secret key. It is used to verify both the data integrity and the authenticity of a message.
An HMAC is the product of a hash function applied to the body of a message together with a secret key. Instead of sending the authentication data itself in a service request, the system sends an identifier for the secret key and an HMAC. When the server receives the request, it looks up the user's secret key and uses it to compute an HMAC. If the HMAC submitted with the request matches the one calculated by the server, the request is authenticated.
QuestionPro uses HMAC-SHA1 to pass tokens to a pre-specified endpoint, through which the application admin can grant their members access to the platform.
QuestionPro users can select the type of authentication they want to set for logging in other users of their organization. While setting up HMAC-SHA1 authentication, users need to enter:
Key: A 36-character key used for hashing the time in seconds.
Timestamp: The time window for which the survey URL will be valid.
You'll need to pass the following security token fields via the URL.
SurveyID: A unique survey identifier
Ts: When the token was created in UTC time (seconds)
Hash: HMAC-SHA1 hash of the seconds (UTC)
Mode: Mode of the authentication i.e., HMAC-SHA1
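The sketch below is an added example, not QuestionPro's own code: it builds a URL carrying the four fields listed above and verifies it the way a receiving server could, with a freshness check and a constant-time comparison. The hex encoding of the hash, the base URL, the sample key, the survey ID and the 300-second window are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample values; a real key comes from the SSO settings.
SECRET_KEY = "00000000-0000-0000-0000-000000000000"  # 36 characters
VALID_FOR_SECONDS = 300  # assumed validity window


def sign_timestamp(key: str, ts: int) -> str:
    """HMAC-SHA1 over the UTC seconds value, hex-encoded (encoding assumed)."""
    return hmac.new(key.encode(), str(ts).encode(), hashlib.sha1).hexdigest()


def build_url(base: str, survey_id: str, key: str, ts: int) -> str:
    """Append the four token fields the page lists to the survey URL."""
    query = {"SurveyID": survey_id, "Ts": ts,
             "Hash": sign_timestamp(key, ts), "Mode": "HMAC-SHA1"}
    return f"{base}?{urlencode(query)}"


def verify_url(url: str, key: str, now: int, window: int = VALID_FOR_SECONDS) -> bool:
    """Recompute the HMAC and accept only a fresh, untampered token."""
    params = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    if params.get("Mode") != "HMAC-SHA1":
        return False
    try:
        ts = int(params["Ts"])
        supplied = params["Hash"]
    except (KeyError, ValueError):
        return False
    # Reject tokens outside the validity window (expired or future-dated).
    if not 0 <= now - ts <= window:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    expected = sign_timestamp(key, ts)
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    issued = int(time.time())
    link = build_url("https://survey.example.com/take", "1234567", SECRET_KEY, issued)
    print(link)
    print("fresh:", verify_url(link, SECRET_KEY, now=issued + 10))
    print("expired:", verify_url(link, SECRET_KEY, now=issued + 3600))
```

In this sketch the hash covers only the timestamp, as the field list states, so the validity window is what bounds reuse of a token and should be kept short.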
For more details on how to set it up, refer to our help file on HMAC-SHA1 authentication.