Single sign-on (SSO)
Single sign-on (SSO) is a mechanism for automatically authenticating users when they access applications. When a user connects to a Medallia Experience Cloud application (a service provider or SP), the application verifies the user's account with the company's single sign-on identity provider (IdP). Once connected, users remain signed in until they sign out or their session expires.
By using single sign-on:
- Companies manage and authenticate user access separately from Experience Cloud.
- Users do not sign in to Experience Cloud with a username and password.
- Users do not need an existing account on Experience Cloud: the system can create an account for new users based on information provided by the IdP.
When a user signs in to an Experience Cloud application using an external IdP, it is called Inbound SSO. Sometimes users who are already signed in to Experience Cloud navigate to external applications (SPs) and are automatically signed in to them. In the latter case, Experience Cloud is the IdP, and the process is called Outbound SSO.
Additional information is available in these topics:
- SSO terminology defines common SSO terms.
- Inbound SSO describes how to configure inbound SSO to use an external IdP to authenticate users accessing Medallia applications.
- Mobile single sign-on (SSO) explains how mobile apps use SSO.
- Medallia Web URLs with SSO details how links access Medallia Web reporting when SSO is enabled.
- Outbound SSO describes how to use Medallia Experience Cloud as an IdP.
- SP- versus IdP-initiated sessions explains the differences in these two forms of session initiation and when to use each.