Although a login is not required to take surveys, users (account managers, account admins, report viewers) must log in to access results.
Single sign-on (SSO) allows users with access to log in with their existing organisation's credentials, so they do not need to keep separate credentials to access AskYourTeam.
AskYourTeam seamlessly integrates with any external system capable of acting as a SAML 2.0 identity provider. When the SSO integration is enabled, users will only be able to log in using single sign-on.
About SAML 2.0
SAML (Security Assertion Markup Language) is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between an Identity Provider such as Microsoft ADFS, and a Service Provider application such as AskYourTeam.
If your Identity Provider (IdP) supports the SAML 2.0 protocol, then AskYourTeam can be configured for single sign-on as a Service Provider.
How to configure single sign-on
SSO needs to be configured in both the AskYourTeam system and Microsoft ADFS.
Set up single sign-on with Microsoft ADFS
Add a new Relying Party Trust
- In your ADFS configuration, right click Relying Party Trust
- Click Add Relying Party Trust
- Enter the Entity ID from AskYourTeam (see screenshot above) as the metadata URL
- All settings should be configured automatically
Edit Relying Party Trust rules
Once you have created the Relying Party Trust, two claim rules need to be added.
- Right click and select Edit Claim Rules...
- Click Add Rule... to add a Send LDAP Attributes as Claims rule
  - Attribute store: Active Directory
  - LDAP Attribute: E-Mail-Addresses
  - Outgoing Claim Type: E-Mail Address
- Click Add Rule... to add a Transform an Incoming Claim rule
  - Incoming claim type: E-Mail Address
  - Outgoing claim type: Name ID
  - Outgoing name ID format: Email
  - Pass through all claim values
- You should now have two rules defined.
Configure SSO integration in AskYourTeam
- Log in to the AskYourTeam system
- Navigate to My Organisation
- Select the Integrations tab
- Click Connect under Single Sign-On
- Enter the SAML Single Sign-On Service URL
  - This can be found in your ADFS configuration
- Enter the SAML Entity ID
- Enter a Sign-Out URL
- Enter the SAML Signing Certificate
- Once completed, hit Save