Introduction to SSO

What is SSO?

SSO is an abbreviation of “Single Sign On”. SSO enables users to sign into multiple products and services with one set of user credentials, commonly assigned by your organisation. SSO is made up of 3 parts:

  • Identity Provider (IdP) - This tool provides validation of the user's identity. The IdP is something your organisation will control, usually the IT department, where your internal user credentials are managed for things like Office 365 and others.
  • Service Provider (SP) - This is the tool that you would like to use, in this instance SmartSurvey.
  • The User – The user is part of a user directory that is managed by your organisation, which commonly provides you with your organisation log in credentials. The IdP checks the user is entitled to access the various services allocated to them and provides access based on your credentials being correct, e.g an Office 365 login. 

How can it help me?

SSO supports various outcomes:

Easier management of users

SSO enables sub users to sign up automatically to SmartSurvey if they have been given access within the Identity Provider. In this case the sub-user can use the SSO login URL and sign up directly to create their account, using their existing credentials, automatically creating the user under the master admin account. 

Increased security

Using an IdP gives you better visibility of who is accessing which products within your organisation as well as enabling you to remove access centrally, for example disabling previous employees in one place rather than many. 

Save your employees time

Your sub users can simply access SmartSurvey tusing their existing user credentials removing the need to manage multiple usernames and passwords. For example linking directly from an internal intranet through to SmartSurvey. 

What do I need?

SSO is available as an option on our enterprise plans. Please contact your account manager for pricing and to enable access to the SSO set up page within your account. 

You’ll need to have an Identify Provider in place that can provide you with a discovery end point. Then follow our helpguides linked below. 

Technical Summary

SmartSurvey’s SSO feature works with Open ID Connect. You’ll need to decide whether you’re sub users will use SSO or not – you cannot mix SSO and normal log in access.

It’s either enabled for all users or not. PKCE verification used in this process and SHA256 for the code verification process. If you’re IdP does not support PKCE then this will fail invisibly. If you support PKCE but not SHA256, please contact support to discuss options.

Managing Users

Each new user will automatically be linked to your organisational account and the billing will work according to your agreed plan and pricing, various soft and hard mechanisms will take place if your exceed your user limit.

If you want to reduce the accounts you are paying for, then you will need to delete those users manually and/or block them in your Identity provider. Note that blocking them in your provider does NOT automatically perform any operations on SmartSurvey so you could find yourself with many orphaned accounts unless you are actively managing them from SmartSurvey. 

Was this guide helpful?