SAML stands for Security Assertion Markup Language.
It is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
QuestionPro provides SAML based Single Sign-On (SSO) which allows users in your organization to use their corporate login credentials to log in to the QuestionPro platform. Thus they don’t need to maintain a separate username and password for the QuestionPro platform.
For enabling SAML authentication for your account please go to:
User Profile >> Global Settings
Select SAML (Signed) under SSO Authentication. There are three ways of setting up SSO:
The easiest way to configure SSO is to use a link to your identity provider's metadata file if they provide one. Simply select Metadata URL, enter the URL, and click Save. QuestionPro will download the configuration file, parse it, and configure everything.
Some identity providers require you to download the metadata file instead of giving you a link. In that case, select the Metadata File option, choose the file you downloaded from your identity provider, and click Save. This sends the file to QuestionPro, where it is parsed and the crucial information is extracted. It is important to note that QuestionPro does not save the metadata file. If you must make any configuration changes, you will need to upload the file again or make changes using the Manual Settings option.
To manually set up the configuration, you will need to provide two things:
The SAML identity provider must be configured to provide only one attribute: emailAddress.
This attribute allows QuestionPro to properly identify the user and automatically provision access.
Yes. It is possible to map new users to a specific Business Unit/ Team, to do that add the user attribute named "teamName" in your SAML assertion which will contain the team name from your QuestionPro account or add the user attribute named "businessUnitID" in your SAML Assertion which will contain the business unit ID (Team ID) from your QuestionPro account. This will add the new user under a specific Business Unit/ Team whose ID/Name is present in the user's profile field.
Yes, you can do that by enabling the Restrict login to SSO option
If Restrict login to SSO is disabled all users will be able to log in via both the IdP and QuestionPro
If the Restrict Login to SSO is enabled, any users that attempt to login directly via QuestionPro will not be able to and will see the following message: "This account is restricted to Single Sign-On only. Please contact your account admin for assistance."
If you want the users to be redirected to a specific page once they logout from QuestionPro, you can use the Logout URL option.
Please note that this is a simple redirection and not Single Log-Out.
Yes. It is possible to enable SSO authentication on Report links. To enable SSO for report links
This feature is available with the following license :