Single sign-on (SSO)

Single sign-on (SSO) is a mechanism for automatically authenticating users when they access applications. When a user connects to a Medallia Experience Cloud application (a service provider or SP), the application verifies the user's account with the company's single sign-on identity provider (IdP). Once connected, users remain signed in until they sign out or their session expires. By using single sign-on:

  • Companies manage and authenticate user access separate from Experience Cloud.

  • Users do not sign in to Experience Cloud with a username and password.

  • Users do not need an existing account on Experience Cloud: the system can create an account for new users based on information provided by the IdP.

SSO authentication is performed by the IdP

When a user signs in to an Experience Cloud application using an external IdP, it is called Inbound SSO. Sometimes users who are already signed in to Experience Cloud navigate to external applications (SPs) and are automatically signed in to the app. In that latter case Experience Cloud is the IdP, and the process is called Outbound SSO.

Restriction: Medallia Experience Cloud uses SAML 2.0 and OIDC protocols only; Medallia previously supported other SSO protocols, but at this time, the other protocols are deprecated or obsolete. Note that, while we support both SAML 2.0 and OIDC protocols, only one is supported at any one time per instance. As soon as one protocol is enabled, the other is disabled.

Additional information is available in these topics: