1. Prerequisites
If you want to use Azure AD, please send email to sales@surveypal.com
To configure Azure AD integration with Surveypal, you need the following items:
- An Azure AD subscription
- A Surveypal single sign-on enabled subscription
- Surveypal tool Admin rights
2. Configuration
Tip!
If your view looks different, you can try switching between experiences in Azure.
You will need your Azure Tenant ID for this setup, here is how you can find it.
1. Open ‘Azure Active Directory’.
2. Open ‘App registrations’
3. Choose ‘New registration’
4. Give your application a name and choose who can use this application/access this API. We’ll set up the Redirect URI later on. Click ‘Register’.
A new view opens with the information of your app. You need “Application (client) ID” and “Directory (tenant) ID” later on, so keep those in mind. You can copy paste them to Notepad to keep them on hand.
5. Next we need to create a secret for the app. Click “Certificates & secrets”
6. Choose “New client secret”
7. Type a fitting description for your secret and choose when you want the rule to expire. Click “Add”.
8. The secret is created and shown. IMPORTANT! This is the only time the secret value will be shown, so be sure to copy it.
9. Log in to Surveypal, click your account on the bottom left hand corner and choose “Your account”. Choose “Sign in settings” from the top of the page. Enable single sign on. Choose “Azure AD” from the dropdown menu.
Set a name, and paste “Directory (tenant) ID” and “Application (client) ID”. Also insert the newly created secret key.
10. Copy the value of “Redirect URL”. Go back to Azure AD and your app, click Authentication
11. Click “Add a platform”
12. In ‘Configure platforms’ click “Web”
13. Insert copied Redirect url to “Redirect URIs”. You can set “Logout URL” as ‘https://my.surveypal.com/app/logout’. This will cause your users to also log out of Surveypal, if they log out of their Azure AD account. Click “Configure”.
14. Now your setup is done. When your users are logged into your AD accounts, they can go to the "Login URL" that can be found from sign in settings, and they will be automatically logged into their Surveypal account.
3. Common questions
Do I need to create a new user account first to Surveypal before SSO login works?
Surveypal does not support provisioning. This means that you need to create a new user account to Surveypal also when you add it to Azure.
This is how you can add new Surveypal user:
- Add a new user to Azure group which have right to use Surveypal
- Surveypal admin user creates a new user to Surveypal
- New user gets confirmation email from Surveypal
- User clicks email confirmation link, creates a password (which is not needed with SSO but it's still mandatory to create it) and confirm account
- User will use SSO login link (available in Surveypal SSO settings) and login to Surveypal without password
Can I still use user accounts which are not in SSO, for example integration user account?
Yes you can if you don't select option "Disable standard password login" in Surveypal sing in settings.
If password login is allowed then all users can use it so they can select to use SSO or standard password login.