m

Manage Accounts with SCIM

BETA FEATURE: This feature is only for Enterprise teams that have Single Sign-On (SSO) set up.

To keep your team’s SurveyMonkey accounts up to date with information stored in an identity provider (IdP), such as Azure Active Directory, you can link the systems using the System for Cross-Domain Identity Management (SCIM). This helps your IT department keep track of accounts across multiple platforms.

Jump to...

Manage Accounts with SCIM

When you set up account provisioning with SCIM, some account management features will change. Here’s what will be mapped, synced, and managed for each user in the identity provider:

  • When someone joins or leaves your organization
  • Username
  • First and last name
  • Email address
  • Divisions (if set up for your team)

Primary Admins and Admins will continue to manage the following within SurveyMonkey:

  • Account reassignment
  • Role and seat assignments
  • Accounts that don’t have SSO enabled
  • Account deletion

 

Set Up SCIM Provisioning

Only the Primary Admin can set up SCIM provisioning for your organization. To make sure SCIM is a good fit for your IdP, the Primary Admin should check in with their SurveyMonkey Customer Success Manager (CSM) and their organization’s IT department.

Once the team is aligned, the Primary Admin can:

  1. Go to Settings.
  2. Select User provisioning with SCIM.
  3. Copy the SCIM endpoint link and provide it to your IT partner.
  4. Select Generate token. Treat this unique token as you would your Primary Admin password and only give it to your IT partner.

Your organization’s IT partner will use the SCIM endpoint link and access token during set up of the IdP. They will also need to adjust the default mapping for your team’s needs.

Mapping guide

Below are mapping examples for your IT department to use with Azure Active Directory.

Example IdP attributes
SurveyMonkey SCIM Attributes*
Mapping in SurveyMonkey
userPrincipalNameuserNameDisplay name
IsSoftDeletedactiveGroup member status
mailemails[type eq "work"].valueEmail address
givenNamename.givenNameFirst name
surnamename.familyNameLast name
userPrincipalNameuserNameDisplay name
mailNicknameexternalIdn/a
employeeId

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber

Employee ID
department

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:division

Divisions
department

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department

Department

* Attributes help you track and monitor team activity in the SurveyMonkey Admin Dashboard. All SCIM operations will be listed, including errors and failures.

To confirm SCIM is set up properly, your IT partner should manually provision one user through the IdP. Then, have the Primary Admin check the SurveyMonkey Activity page to see if the provision is there.

 

Revoke SCIM Provisioning

If you need to disconnect Surveymonkey from your IdP so the systems no longer sync, the Primary Admin can revoke SCIM provisioning. As long as SSO is enabled, there will be no impact to users who have already been synced.

To revoke the SCIM provisioning:

  1. Go to Settings.
  2. Select User provisioning with SCIM.
  3. Next to the access token, select Revoke.
Use SCIM to keep SurveyMonkey accounts up to date with information stored in an identity provider (IdP).

Get answers