What is Single Sign-on or SSO?
Single Sign-on (SSO) is an authentication method that allows you to securely authenticate with multiple applications by using just one set of credentials. In this case, it'll enable you to log in to GetFeedback using your organization's internal login system.
What are the main benefits of a SSO?
- Users only need to sign in one time to access multiple applications and do not have to manage different credentials for each.
- Manually inviting new employees to use GetFeedback is no longer required. A new account will be automatically created for any user granted access to GetFeedback in the organization's identity provider.
- Manually deactivating GetFeedback accounts for outgoing employees is not required. Employees will automatically lose access once they are removed from the organization's identity provider.
- Your company can enforce the same level of security requirements for users authenticating in multiple applications (e.g. password requirements and expiration dates, 2-factor authentication, etc).
Scope of our SSO
General:
- Our GetFeedback SSO connection supports Identity Providers with SAML configurations (SAML 1.1 or SAML 2.0).
- The setup is done manually by our team after the customer provides the necessary configuration parameters from their identity provider.
- After the SAML connection is established, all the account team members will be required to login via SSO. Users won't be able to login with their email / password anymore.
GetFeedback Digital (former Usabilla):
- New users no longer need to be manually invited through the Team Settings page. New accounts are automatically provisioned at the first time they login.
- New users automatically get a default role of Read Only with access to No Buttons. Permissions/Roles can still be adjusted by admins via the Team Settings page.
- Users who become invalid on the company’s identity provider will lose access to GetFeedback once their current active session ends (e.g. user logs out).
GetFeedback Direct (former GetFeedback):
- New users no longer need to be manually invited through the Team Settings page. New accounts are automatically provisioned at the first time they login.
- Users who become invalid on the company’s identity provider will lose access to GetFeedback once their current active session ends (e.g. user logs out).
How to setup an SSO connection with GetFeedback
If you're interested in setting up a SSO connection with GetFeedback, please contact your CSM with the following information:
- Your identity provider
e.g. Okta, Azure AD, OneLogin, etc. - Signing certificate (including algorithm)
This is your identity provider's SAMLp server public key, encoded in PEM or CER format. - Sign in endpoint
This is the URL in your identity provider that users get redirected to in order to sign in. - Email domains you'd like to enable SSO for
This is so your users get identified in the login page as SSO users, and can be directed to the sign in page. - SAML assertion example (or the key for the field that contains the user’s email)
This is the field in your identity provider's SAML implementation that contains the user's email address.
Any questions? Feel free to react our to our Support team at support@usabilla.com.