Single sign-on is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-entering authentication factors.
SSO is an additional feature with an extra fee. Please contact support for additional information.
This guide will teach you:
1. What is it and how does it work
2. Enabling SSO
Pointerpro supports enterprise-level Single-Sign-On connections using Auth0. This is a custom addition to the Enterprise, ReportR, and DistributR plans
If you are interested in having an SSO connection for your users, we need the following requirements from you to make a final pricing proposal:
- How many users will log in per month?
- Which platform would you like to use as an identity provider (Microsoft Azure, Google)?
- Would you like to enable SSO for login with surveys or login with the editor, or both?
3. Technical setup
We recommend using SAML as an authentication protocol with the identity provider. This is an open standard for exchanging authentication and authorization data between parties, in particular, between identity provider and service provider (Pointerpro). SAML is supported by a broad range of platforms, including Microsoft, and Google and can also be used as a standard for any custom platform.
Note that some configuration will also need to be done in your identity provider by you or someone of your technical team. It is advised to send us the contact details of this technical person.
To start setting up the SSO connection, Pointerpro will need the following details from you:
- Sign In Url or login url, e.g. https://login.microsoftonline.com/c1b4bd47-6db8-4964-ba05-2316b506ed87/saml2
- SAML Signing Certificate (Certificate (Base64)) https://share.getcloudapp.com/2NuX57AZ
- Sign out or logout url, e.g. https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
Once Pointerpro is ready to set up the connection, one of our team members will send you the details to complete the SSO connection on your side. These details will include:
- Post-back URL or reply URL, e.g. https://surveyanyplace.eu.auth0.com/login/callback?connection=sso-saml-sa-test
- Entity id or identifier, e.g. urn:auth0:surveyanyplace:sso-saml-sa-test
- A client id, is a unique string representing your SSO connection that you need if you want to setup SSO on surveys
- A personal editor login URL for your organization, e.g. app.pointerpro.com/sso/acmecompany
4. User attributes
Pointerpro supports the usage of the following SAML token claims:
- email address
- given name
- family name
- role
The role attribute will be used to set the user role on login with the editor, and must be any of the following values
- ENTERPRISE_RESTRICTED_MEMBER
- ENTERPRISE_TEAM_MEMBER
- ENTERPRISE_ADMIN
- ENTERPRISE_REPORTING_VIEWER
If no valid role was configured, the user will be assigned to the FREE role.
If you would like to use different attributes or claims let us know your use case and we'll see what we can do.
5. Good to know
- When using SSO for survey the system will automatically create a contact on your account for that user. The responses made by the user will be identified with that contact
- If a user logging into the editor with SSO, already has an account with Pointerpro that was created manually before, then this account will be used to log in, regardless if the user is already part of the organization or not
What's next?
- White labeling allows you to remove Pointerpro's brand and logo from our product and replace it with your own. There are a lot of possibilities for branding your questionnaire by design. But if you want to fully brand your questionnaire by using your own link, you can white-label your questionnaire.
Zapier integration feature allows you to connect your existing company's Zapier account with Pointerpro. Zapier is a tool that enables the transfer of data from one web app to another one. Set up a Zap workflow to connect different apps, using a specified event as the trigger for starting the workflow.
A Webhook is a notification sent over the web, which transfers data from one app to another when something happens. In the case of surveys, whenever a new response is entered, this triggers a notification to be sent automatically.