Single Sign-on (SSO) is an authentication method that allows you to securely authenticate multiple applications with one set of credentials. In this case, you’ll be able to log in to GetFeedback using your organization's internal login system.

  • Users only need to sign in one time to access multiple applications and do not have to manage different credentials for each.
  • You won’t need to invite new employees to use GetFeedback. A new account will automatically be created for any user granted access to GetFeedback in the organization's identity provider.
  • Employees will automatically lose access once they are removed from the organization's identity provider.
  • Your company can enforce the same level of security requirements across multiple applications (e.g. password requirements and expiration dates, 2-factor authentication, etc).
  • Our GetFeedback SSO connection supports Identity Providers with SAML configurations (SAML 1.1 or SAML 2.0).
  • Setup is completed by our team after receiving your SSO information.
  • GetFeedback doesn't have SCIM support and doesn't support provisioning of roles and groups.
  • Once the SAML connection is set up, all account team members are required to log in via SSO. Users won't be able to log in with their email/password.
  • New users won’t be invited through the Team Settings page. Instead, new accounts are set up the first time they log in.
  • New users are assigned read-only access. However, permissions and roles can be changed by admins from the Team Settings page.
  • Users removed from the company’s identity provider will lose access to GetFeedback once they log out.
  • GetFeedback Digital ( has JIT provisioning for SSO users. If someone logs in using SSO and doesn't exist in Digital, the user will be created automatically.

If you're interested in setting up an SSO connection with GetFeedback, please contact your CSM with the following information:

  • Your identity provider
    • e.g. Okta, Azure AD, OneLogin, etc.
  • Signing certificate (including algorithm)
    • This is your identity provider's SAMLp server public key, encoded in PEM or CER format.
  • Sign-in endpoint
    • This is the URL from your identity provider where users sign in.
  • Email domains you'd like to enable SSO for
    • Required so that your team is identified as SSO users and directed to the SSO sign-in page.
  • SAML assertion example (or the key for the field that contains the user’s email)
    • This is the field in your identity provider's SAML implementation that contains the user's email address.