This article will guide you through enabling SAML authentication with Microsoft Azure on your account.
Single sign-on is an authentication method that allows you to sign in using one set of credentials to multiple independent software systems. With SSO you can access all needed applications without being required to authenticate using different credentials.
How to enable SAML authentication?
1. Please go to Settings > SAML Authentication and click Enable SAML authentication toggle. Leave the tab open, as you'll need the data from here.
2. Log in to your Microsoft Azure account, and go to Enterprise applications to create a new non-gallery app.
3. Once your app is created, find Single sign-on in the side menu and select SAML as a single-sign-on method.
4. Under Basic SAML configuration, you'll need to provide:
Identifier (Entity ID) is the same URL but has a different ending with
Reply URL (Assertion Consumer Service URL) can be found under ACS (Consumer) URL in Survicate:
Sign-on URL ends with
Corresponding Survicate field
Identifier (Entity ID)
Not available in UI
Reply URL (Assertion Consumer Service URL )
ACS (Consumer) URL
Sign on URL
Not available in UI
In the end, your settings should look like this:
5. Go to SAML Signing Certificate and download the Certificate (Base64).
6. Open the downloaded file with any notepad app. Copy and paste the content into the Public Certificate field in Survicate settings.
7. Copy the Login URL from Azure, paste it into the Sign-on URL field, and also the Azure AD Identifier to Issuer field in Survicate settings.
Corresponding Microsoft Azure field
Azure AD Identifier
You can choose to require teammates to use their passwords to login to the Survicate account, or opt for a frictionless process, by switching on this option:
Thanks to this feature, by default, all new users, who use SAML won't be required to provide the password to log in to Survicate.
Enforce SAML Login for everyone in the organization
This option will become available after SAML is successfully configured and the Survicate account's first SAML login occurs. It lets you ensure that all teammates will be able to use SAML to log in.
Grant access to all workspaces when inviting users through SSO
If you choose to enable this option, and your Survicate organization has multiple workspaces, all new teammates you'll invite to join your account will automatically gain access to all the workspaces.
Now, with SAML enabled, to avoid using your login and password on the Survicate login page, you can log in directly from your SSO provider. Once you sign-in via SSO, and Passwordless authentication is enabled, you will not be asked for your Survicate password.