Medallia Web URLs with SSO

When Single sign-on (SSO) is enabled, links to a company's Medallia Web reporting instance include sso/ after the domain reference, like this for production instances:

https://INSTANCE.medallia.com/sso/COMPANY/...

The "sso" in the URL indicates the user is accessing the system using single sign-on. Companies can support both SSO and manual sign-in at the same time.

Note: Omit the "sso/" in the URL to use traditional username and password sign-on.

For sandboxes, it looks like this:

https://<sandbox-name>.sbx.<data-center>.medallia.<type>/sso/COMPANY/

For information see Sandboxes.

When single sign-on is enabled, some system URLs — such as those in processing reports, notification emails, and custom reports that include links to the surveys — are automatically updated to always include "sso" in the URL. This is not configurable. However, hard-coded URLs — such as those in in alert emails — need to be manually updated to use the SSO URL, such as

$WEBAPP_SECURE_URL$/sso/$COMPANY_URL$/respInvForm.do?surveyid=$SURVEY_INTERNAL_ID$

Important: When the user attempts to connect with a URL that links to a page in the site, that information is passed to the IdP which then passes it back to Medallia Web reporting, which uses it to open the intended page. If the user is being sent to the home page instead of the intended page, the IdP has not configured support for the RelayState parameter. For information about this situation, see SAML 2.0, review SAML 2.0 Profiles and look for the section titled Redirect to IdP SSO Service.