This article will guide you through enabling SAML authentication with Microsoft Azure on your account.

Single sign-on is an authentication method that allows you to sign in using one set of credentials to multiple independent software systems. With SSO you can access all needed applications without being required to authenticate using different credentials.

Please note that if you need to use OneLogin or Okta specifically, please visit specific links to learn more about the setup.

❗This feature is available on the Team Insights plan. If you are interested in testing this feature, contact us at sales@survicate.com or strike up a chat conversation.

How to enable SAML authentication?

❗Before you start, you must ensure you are your organization's owner. Only account owners can set up SAML Authentication.

1. Please go to Settings > SAML Authentication and click Enable SAML authentication toggle. Leave the tab open, as you'll need the data from here.

2. Log in to your Microsoft Azure account, and go to Enterprise applications to create a new non-gallery app.

3. Once your app is created, find Single sign-on in the side menu and select SAML as a single-sign-on method.

4. Under Basic SAML configuration, you'll need to provide:

  • Identifier (Entity ID) is the same URL but has a different ending with /metadata instead of /acs.

    https://panel-api.survicate.com/settings/saml/{{your_organization_id}}/metadata

  • Reply URL (Assertion Consumer Service URL) can be found under ACS (Consumer) URL in Survicate:

  • Sign-on URL ends with /login

    https://panel-api.survicate.com/settings/saml/{{your_organization_id}}/login

Microsoft Azure

Corresponding Survicate field

Example:

Identifier (Entity ID)

Not available in UI

https://panel-api.survicate.com/settings/saml/12345/metadata

Reply URL (Assertion Consumer Service URL )

ACS (Consumer) URL

https://panel-api.survicate.com/settings/saml/12345/acs

Sign on URL

Not available in UI

https://panel-api.survicate.com/settings/saml/12345/login

In the end, your settings should look like this:

5. Go to SAML Signing Certificate and download the Certificate (Base64).

6. Open the downloaded file with any notepad app. Copy and paste the content into the Public Certificate field in Survicate settings.

7. Copy the Login URL from Azure, paste it into the Sign-on URL field, and also the Azure AD Identifier to Issuer field in Survicate settings.

Survicate

Corresponding Microsoft Azure field

Example:

Sign-on URL

Login URL

https://login.microsoftonline.com/a18ec2f5-5051-4200-82c1-0beb9a54d8a1/saml2

Issuer

Azure AD Identifier

https://sts.windows.net/a18ec2f5-5051-4200-82c1-0beb9a54d8a1/

8. Once you click "Save Configuration", you will get a list of recovery codes.

Please save them: you will need those to bypass the Single Sign-On when you don't have access to the SAML provider anymore.


📞 If you have any questions or need assistance - feel free to reach out to our team via chat or email: support@survicate.com

Did this answer your question?