Single Sign-On (SSO)
Single Sign-On (SSO) enables users in your team to use their corporate login credentials to sign in to SurveyMonkey — eliminating the need to maintain a separate username and password for SurveyMonkey. SSO allows you to control access to SurveyMonkey across your organization and define authentication policies for increased security.
SurveyMonkey supports SSO through SAML 2.0 — an XML-based open standard data format for exchanging authentication and authorization data between two parties:
- Identity Provider (IdP): The authentication mechanism that your organization already uses. Some examples include Shibboleth, Ping and PingOne, OneLogin, and Okta.
- Service Provider (SP): SurveyMonkey.
Signing in with SSO
Team Sign-In URL
We'll provide you with a sign-in URL unique to your organization that all users in your organization can use to sign in to SurveyMonkey. The URL redirects to your IdP authentication page for SurveyMonkey. You can post the URL to your company's intranet, or ask users in your team to bookmark the page, so that the link is always accessible.
If you go to the regular SurveyMonkey sign-in page, you may see an orange banner to remind you to sign in through SSO instead.
The sign-in process differs based on your role in the team:
When an existing member of your team signs in via the sign-in URL, they'll immediately proceed to the My Surveys page in their account.
When a user who is not yet a part of your team clicks the sign-in link, they reach a sign-up page where they can join your team. They can either create a new account as part of your team, or convert their existing SurveyMonkey account to be part of the team.
The Primary Admin must sign in via the normal SurveyMonkey sign-in page.
To sign in with SSO in the SurveyMonkey app:
- On the sign-in page, tap Trouble signing in?.
- Choose Single Sign-On.
- Enter the email address you use for SSO.
- Tap Continue. We'll check if your email address is associated with an account with SSO enabled.
- Log in with your company login credentials.
Managing Login Credentials
If SSO is set up in your organization, all users except the Primary Admin must manage their login credentials within their own network.
Please contact your IT department or network admin if you need to do any of the following tasks:
- Reset your password
- Change your username
- Change your email address
Reassigning or Deleting Accounts
To reassign or delete an account from an SSO-enabled group:
- The Primary Admin must first update their internal system to block that user's access to SurveyMonkey.
- Follow the steps in SurveyMonkey to reassign or delete the account.
When SSO is enabled for your Enterprise team, you get access to more collector options that let you send more secure internal surveys, and track respondents with SSO metadata.
Require Respondents to Log in with SSO
You can enable the Respondent Authentication collector option on any Web Link Collector to require respondents to sign in through SSO in order to access your survey. When someone opens the survey link, they're prompted to log in through SSO, and then redirected to the survey so they can fill it out.
To turn on Respondent Authentication:
- Go to the Collect Response section of your survey.
- Click the name of the collector.
- Click Respondent Authentication.
- Select On, your respondents need to authenticate to take your survey.
Track Respondents with SSO Metadata
When the Respondent Authentication collector option is turned on, you can also choose to track respondents by attaching SSO profile information (first name, last name, and email address) to their survey responses.
To track responses with SSO:
- Turn on the Respondent Authentication collector option.
- Click Anonymous Responses—you may need to click Show advanced options to find this setting.
- Select Off, include respondents' SSO profile.
Keep in mind, the format of the respondent's first name and last name must follow a specific format in your IdP application in order to be passed through to your survey results successfully.
The system will automatically make the string lowercase and remove any underscores. After that reformatting, they must result in the following format:
- LastName or Last_name would be reformatted to lastname, which is valid.
- Last name would be reformatted to last name, which isn't valid.