SAML: Best Practices

Both the log-in and register buttons will redirect them to your log-in page.

Invited users (recommenders, collaborators) will sign in through native login as there is no guarantee that the SSO-related email address will be used. These types of users should access the site through their invited email or through the SurveyMonkey Apply Log In button.

Administrators without an SSO account login can still sign in to the site through the SM Apply login. To access the sign-on page you can also add /admin/ to the end of the site's URL. For example

Top right corner, Log in dropdown, and SurveyMonkey Apply is highlighted in red

Contact details for the primary individual implementing the SSO integration on your end should be provided to your Customer Engagement Representative.

It is recommended that your IdP is configured to auto-update SM Apply’s SP metadata. There are two reasons for this:

  1. For security purposes; we may release updates to our metadata (certificate updates, encryption values)
  2. For stability; metadata updates can introduce periods of time where the SAML connection may fail due to non-matching certificates
  3. Changing an SM Apply site’s domain to a custom domain will reflect changes in the SP metadata

Sites wishing to use a custom domain should have a domain in place prior to configuring SAML. If the custom domain is not added to the site prior to SAML being set up, issues might occur as Apply’s metadata may reference a URL that is unknown to your IdP.