m
Design & Manage
Design & Manage ÿ
Get Responses
Get Responses ÿ
Analyze Results
Analyze Results ÿ
Account & Billing
Account & Billing ÿ
Privacy & Legal
Privacy & Legal ÿ
Taking Surveys
Other Products ÿ
[ Back Account & Billing / Teams and Collaboration

Single Sign-On (SSO)

surveymonkey goldie logoEnterprise feature: Existing Enterprise customers, contact your Customer Success Manager. If you’re interested in Enterprise, chat with sales →

Jump to...

 

How SSO Works

Single Sign-On (SSO) lets everyone on your Enterprise team log in to SurveyMonkey using your organization’s corporate login credentials.

SSO removes the need to maintain a separate SurveyMonkey username and password. Your organization can control who can access your SurveyMonkey team and create authentication policies for increased security.

SurveyMonkey’s SSO solution follows the S​AML 2.0 specification and is Service Provider (SP) initiated.

SSO glossary

 

TermDescription
Service Provider (SP)A vendor that provides services to your organization. In relation to SSO, the SP is SurveyMonkey.
Identity Provider (IdP)A company that provides user authentication services. IdPs manage whether an employee can access a SP, like SurveyMonkey or other applications. Okta and ADFS are common IdPs.
Security Assertion Markup Language (SAML)The language the IdP and SP communicate in. SurveyMonkey follows the SAML 2.0 technical specifications to exchange info with your organization's IdP.
AttributesPieces of info about an employee that an IdP uses for authentication. SurveyMonkey requires 4 attributes—FirstName, LastName, Email, and NameID.
Claim TypesPieces of info about a user on a team that SurveyMonkey accepts. Attributes from your IdP need to be mapped to SurveyMonkey claims so SSO works correctly.
AssertionAn assertion is made up of one or more statements. SurveyMonkey requires certain attribute statements in our assertions.

 

Setting Up SSO

After your organization purchases SSO, your CSM will contact your team’s Primary Admin to start the setup process and connect with your IT department. We recommend waiting to invite people to your Enterprise team until SurveyMonkey confirms that SSO is set up properly.

Here's a high-level breakdown of what to expect when setting up SSO:

§ Input and map metadata

Enter SurveyMonkey's metadata XML info into your SAML IdP (if you store your team's data in the European Union, contact your CSM for a different file). You can map attributes from your IdP with the claim types SurveyMonkey accepts.

Mapping guide

 

Example IdP attributesClaim types SurveyMonkey acceptsMapping
Unique, non-changing identifier (e.g. UPN or employee ID)NameIDRequired
Email, emailaddressEmailRequired
FirstName, first.name, givenname, Given-NameFirstNameRequired
SurnameLastNameRequired
Department, DepartmentID, department nameDepartmentOptional *
CostCenter, cost center numberCostCenterCodeOptional *

* Optional attributes can help you track and monitor team activity in the Admin Dashboard.

ë Send us your metadata

Send SurveyMonkey your organization's metadata URL. If you’re unable to send the metadata URL, provide the XML file. We'll set up SSO in our system and send you steps to validate that it's working correctly.

We need the following from you:

  • Entity ID
  • HTTP Redirect Endpoint
  • X.509 Certificate (specifically the Signing KeyType)

SurveyMonkey will set up SSO in our system and send you steps to validate that it's working correctly.

í Invite employees to access SurveyMonkey

If you want to restrict some employees from accessing your team, you can use Active Directory to permit or deny claims on the IdP side.

Primary Admins and Admins can always see how many Empty seats are available on their team from the Team Summary. When you’re ready, click Add Users from the top navigation and share your team's invite link to invite people to join. You can do this manually or add Users via CSV import.

Users will be able to create or convert an account to log in with SSO.

 

Logging In and Managing Login Credentials

Create or Convert an Account

The first time you log in to an SSO enabled SurveyMonkey account, choose to Create a new account or Convert an account.

  • Create a new account: Start fresh with no surveys.
  • Convert an account: make sure to review what to expect. You'll need to log in with your current SurveyMonkey username and password to authorize that you want to convert and move your surveys to your team.

After that initial login, you're all set up to log in to SurveyMonkey or the SurveyMonkey app with SSO.

Logging in to SurveyMonkey

To log in using SSO:

  1. From SurveyMonkey, click Log in with SSO.
  2. Enter your work email and click Continue.
  3. Enter your corporate login credentials.

Logging in to the Mobile App

Logging in with the iPhone app

To log in to the SurveyMonkey iPhone app with SSO:

  1. On the sign-in page, tap ( Log in with SSO
  2. Enter the email address you use for SSO.
  3. Tap Continue. We'll confirm your email address is associated with an SSO enabled account.
  4. Log in with your corporate login credentials.
Logging in with the Android app

To log in to the SurveyMonkey Android app with SSO:

  1. On the sign-in page, tap Trouble signing in? below the sign-in button.
  2. Tap ( Log in with SSO.
  3. Enter the email address you use for SSO.
  4. Tap Continue. We'll confirm your email address is associated with an SSO enabled account.
  5. Log in with your corporate login credentials.

Managing Login Credentials

After SSO is set up, everyone's login credentials are managed by your organization's network.

Please contact your IT department or network admin to:

  • Reset your password
  • Change your username
  • Change your email address

 

Troubleshooting Login Errors

Below are common errors with potential solutions to help resolve them.

We’re unable to authenticate your info at this time.

It's likely that there's been a server clock drift. Your IdP’s clock isn't aligned with the SAML assertion’s active window.

Reach out to your CSM to investigate and get you logged in.

The account you’re trying to log in to may be pending deletion.

If an account is pending deletion, please contact us for assistance permanently deleting the account.

The account you’re trying to log in to was reassigned by your Admin.

When an account is reassigned, an email is sent to the new account owner which needs to be accepted before the account can be accessed. Check your inbox for an invitation.

If you still need assistance, contact your Primary Admin or CSM for assistance.

We’re not able to find your account ID in our system.

Likely there's been a change to an employee’s unique identifier (such as an email address change). Contact your Primary Admin or reach out your CSM for assistance.

We’re not able to identify your group information.

SurveyMonkey may have incorrect metadata for your IdP. Contact your Primary Admin or reach out your CSM for assistance.

We’re not able to identify your group information due to an incorrect certificate.

SurveyMonkey may have an incorrect certificate configured. Contact your CSM for assistance.

TIP! If you need to contact us for support, please copy the error page’s URL and include it in your email.

 

Enabling Respondent Authentication

You can use Respondent Authentication to send more secure internal surveys and track the people taking your survey with SSO metadata.

TIP! Primary Admins can set a default Respondent Authentication setting for their entire Enterprise team.

Require Survey Takers to Log In with SSO

Respondent Authentication on the Web Link collector requires survey takers to log in through SSO to access your survey.

Responses are tracked with their SSO metadata—first name, last name, and email address. It isn't possible to make responses anonymous when Respondent Authentication is turned on.

Respondent Authentication is for surveys taken on personal devices—don't enable Respondent Authentication on a public or shared device.

To turn on Respondent Authentication:

  1. Go to the Collect Response section of your survey.
  2. Add a Web Link collector. Or, click the name of an existing Web Link.
  3. Click Respondent Authentication.
  4. Select On, your respondents need to authenticate to take your survey.

 

Single Sign-On (SSO) enables people on your team to use their corporate login credentials to log in to SurveyMonkey. Your organization can control who can access your SurveyMonkey team and create authentication policies for increased security.

Get answers

Create a free or paid account.

Already have an account? Log in for faster support.

Learn More

Contact Us

Fill out this contact form and we'll get back to you soon.

Get answers

Start making better decisions with the world's leading survey platform.

Already have an account? Log in for faster support.
English
Copyright © 1999-2021 Momentive