Single Sign-On (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. In the context of SurveyMonkey Apply, SSO implementation allows clients to leverage their existing user authentication framework to permit and provision access to a SurveyMonkey Apply site. By the end of this document, you will know how to set up such an integration using the OAuth protocol.
There are 4 key entities to an SSO integration:
Applicants are the only users who are permitted to sign in via SSO
To improve the experience of external users who may be invited to your site (co-applicants, recommenders), your OAuth integration will not be used for them. This helps prevent unforeseen challenges such as your users not being invited with an email address matching your IdP's records.
The Identity Provider is an instance of an SSO issuing server that is responsible for housing and validating a user’s account credentials as well as provisioning access. It has a few main purposes:
The Client Server is the software or system, in this case SurveyMonkey Apply, establishing a trust relationship with an IdP and requesting user account provisioning from that IdP. It is also responsible for consuming information (attributes/metadata) that may be passed from the IdP.
The protocol is what facilitates the integration between the IdP and the Client Server. It defines the handshake (sequence of events/data passing) for the integration.
What SSO provider will you be using? [OAuth]
OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
Which of your user groups will need to sign in via SSO?
How are users uniquely identified? With OAuth, email must be used as the users' uID.
How will users enter Apply? Client Server-initiated SSO
What attributes need to be passed to Apply? [First name, Last name, email, etc.]
“Client Server initiated” SSO is when a user comes first to the SurveyMonkey Apply site, clicks the SSO sign-in button, and inputs their username and password. This then starts the authentication process with SurveyMonkey Apply sending out a call for authentication to the IdP.
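The Client Server side of the flow described above, sketched as an added example; it is not SurveyMonkey Apply's code. The endpoint, client ID, redirect URI, scope and attribute names are hypothetical placeholders, and the sketch assumes an authorization-code style OAuth exchange. It shows the checks that matter in this design: the callback is accepted only for the session that started it, and an account is provisioned only when the IdP supplies a usable email uID and the required attributes.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical values; real endpoints and IDs come from your IdP's configuration.
AUTHORIZE_URL = "https://idp.example.com/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://apply.example.com/sso/callback"
REQUIRED_ATTRIBUTES = ("email", "first_name", "last_name")  # assumed attribute names


def start_sign_in(session):
    """Build the redirect sent to the IdP when the user clicks the SSO button."""
    session["oauth_state"] = secrets.token_urlsafe(32)  # binds the callback to this session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "profile email",  # assumed scope names
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Return the authorization code only if the state matches the one issued."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", "")  # single use: a replayed callback fails
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "code" not in params:
        raise ValueError("IdP returned no authorization code")
    return params["code"][0]


def map_attributes(user_info):
    """Turn IdP attributes into an account record keyed by email (the uID)."""
    missing = [k for k in REQUIRED_ATTRIBUTES if not str(user_info.get(k, "")).strip()]
    if missing:
        raise ValueError(f"IdP did not supply: {', '.join(missing)}")
    email = user_info["email"].strip().lower()  # normalise so one person maps to one account
    if email.count("@") != 1:
        raise ValueError("email attribute is not a usable uID")
    return {"uid": email,
            "first_name": user_info["first_name"].strip(),
            "last_name": user_info["last_name"].strip()}
```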
Due to the technical nature of implementing an SSO integration, and the number of authentication services, SM Apply recommends that a technical expert experienced with OAuth facilitate the configuration on the client end.