This article will guide you through enabling Okta configuration in your account.
SAML SSO gives users a centralized and secure way of controlling access to their organizations. When you join an organization that uses SAML SSO, you sign in through the organization's IdP, and your existing Survicate account is linked to an external identity that belongs to the organization.
❗️This feature is available on some of our plans. Please check out our Pricing page for more information or talk to us on chat 👉.
How to enable Okta configuration?
❗Before you start, you need to ensure you are your organization's owner. Only account owners can set up SAML Authentication.
Please go to Settings ➡️ SAML Authentication and click Enable SAML authentication toggle. Leave the tab open, as you'll need the data from here.
Okta - Identity Provider (IdP) setup
1. Once you have an Okta account created, add a new app:
2. Under SAML Settings, you will be asked to provide Single-sign-on URL /ACS (Consumer) URL and Audience URI.
You can find a Single sign-on URL under ACS (Consumer) URL in Survicate:
While Audience URI is the same URL, it has a different ending with /metadata
instead of /acs
.
So if your Single sign-on URL or ACS (Consumer) URL is:
https://panel-api.survicate.com/settings/saml/1234/acs
Your Audience URI will be:
https://panel-api.survicate.com/settings/saml/1234/metadata
3. In the end, your settings should look like this:
4. On the bottom of the screen, click Next and then Finish. Go to Sign on-page and View setup instructions.
From here, you'll need a Single Sign-On URL, Provider Issuer, and X.509 Certificate:
Survicate setup
1. In the Survicate SAML Authentication tab, paste the Provider Issuer to Issuer field, Single Sign-On URL to Sign-on URL, and X.509 Certificate to Public certificate.
Passwordless authentication
You can choose to require teammates to use their passwords to login to the Survicate account, or opt for a frictionless process, by switching on this option:
Thanks to this feature, by default, all new users, who use SAML won't be required to provide the password to log in to Survicate.
Enforce SAML Login for everyone in the organization
This option will become available after SAML is successfully configured and the Survicate account's first SAML login occurs. It lets you ensure that all teammates will be able to use SAML to log in.
Grant access to all workspaces when inviting users through SSO
If you choose to enable this option, and your Survicate organization has multiple workspaces, all new teammates you'll invite to join your account will automatically gain access to all the workspaces.
Once you click Save configuration you will get a list of recovery codes.
❗ Please save them; you will need those to bypass the Single Sign-On when you don't have access to the SAML provider anymore.
Logging in
Now, with SAML enabled, to avoid using your login and password on the Survicate login page, you can log in directly from your SSO provider. Once you sign in via SSO, and Passwordless authentication is enabled, you will not be asked for your Survicate password.
📞 If you have any questions or need assistance - feel free to reach out to our team via chat or email: support@survicate.com.