Configuring Medallia as IdP for survey authentication

An identity provider (IdP) is an external system that companies use to host and authenticate user account information for single sign-on. The first step for survey authentication is to configure the IdPs, so that they can later be assigned to specific surveys.

Medallia Experience Cloud can be set up as an IdP for survey authentication. This needs to be done only once per instance.

Tip: Every Experience Cloud instance and company has unique SAML metadata. To learn the metadata defined for a company instance, use this URL: https://<instance hostname>/<company>/samlIdpMetadata.

To set up Experience Cloud as an IdP:

  1. Go to Integrations > Outbound SSO > Service Providers. For more information, see Service Providers.

  2. On the Service Providers screen, enter the following data:

    • SP Name: Authn Survey SP

    • SSO protocol: SAML2

    • Application: AuthnSurvey

      Tip: Use AuthnSurvey for this parameter; however, note that the configuration works with other values as long as the application name entered here matches the application name entered on the Service Providers screen.
    • IdP Profile: Medallia SAML Generic IDP

    • Entity ID — Survey Authentication service URL

      Warning: This URL is different for each data center. Make sure you enter the correct URL for the data center of the instance. For information, see Survey authentication service URLs.
    • Use HTTP POST binding: On

    • Encrypt SAML assertions: Off

    • Sign SAML assertions: On

    • Assertion Consumer URL — Same URL as the Entity ID, but add /saml at the end. Make sure you enter the correct URL for the data center of the instance.

  3. Click Save.

Next, get the metadata file and upload it:

  1. Go to Integrations > Inbound SSO > Single Sign-on. For more information, see Configuring SAML for survey authentication.

  2. On the Single Sign-on screen, click Generate SAML Metadata File.

  3. Navigate to Integrations > Security > Survey Authentication > SAML Survey Identity Providers.

  4. On the SAML Survey Identity Providers screen, click Choose file next to Metadata file and upload the file.

  5. On the SAML Survey Identity Providers screen:

    1. To direct users to the login screen — that is, the client's users enter their username and password directly into the Experience Cloud login screen — verify that the SSO Endpoint parameter is set to https://[COMPANY].medallia.com/[COMPANY]/idpSubmit?AppName=AuthnSurvey, or update AppName to match your application name in the steps above.

      Tip: You can only direct users to one endpoint, so if any of the users need to enter a username and password to take the survey, set your endpoint to the login screen and enable Inbound SSO.
    2. To direct clients' users directly to SSO and bypass the Medallia login screen entirely, verify that the SSO Endpoint parameter is set to https://[COMPANY].medallia.com/sso/[COMPANY]/idpSubmit?AppName=AuthnSurvey instead. This redirects users instantly through the Medallia IdP and sends them directly to their own IdP for authentication.

  6. Click Save.

The instance is now configured to use Experience Cloud for survey authentication. For more information, see Medallia as Identity Provider.
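
The following is an added example, not Medallia code: a Python check that the values from the steps above agree with each other before users hit a failed login. It assumes the generated file is standard SAML 2.0 metadata that carries the SSO endpoint as a SingleSignOnService Location; the hostnames, company name, certificate and function names are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample metadata; host, company and certificate are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.medallia.com/example">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://example.medallia.com/example/idpSubmit?AppName=AuthnSurvey"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def endpoint_mode(sso_endpoint):
    """Tell the two endpoint forms apart: /sso/ prefix bypasses the login screen."""
    return "direct-sso" if urlsplit(sso_endpoint).path.startswith("/sso/") else "login-screen"

def check_config(metadata_xml, application, entity_id, acs_url):
    """Return a list of problems; an empty list means the values are consistent."""
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["metadata has no IDPSSODescriptor"]
    problems = []
    # Sign SAML assertions is On, so the metadata must publish a signing key.
    # A KeyDescriptor without a 'use' attribute is valid for signing as well.
    if not any(k.get("use") in (None, "signing") for k in idp.findall("md:KeyDescriptor", NS)):
        problems.append("no signing KeyDescriptor in metadata")
    endpoints = idp.findall("md:SingleSignOnService", NS)
    if not endpoints:
        problems.append("no SingleSignOnService endpoint in metadata")
    for ep in endpoints:
        url = urlsplit(ep.get("Location", ""))
        if url.scheme != "https":
            problems.append("SSO endpoint is not https")
        # AppName must equal the Application entered for the service provider.
        if parse_qs(url.query).get("AppName") != [application]:
            problems.append("AppName in SSO endpoint does not match Application")
    # Assertion Consumer URL is the Entity ID with /saml added at the end.
    if acs_url != entity_id.rstrip("/") + "/saml":
        problems.append("Assertion Consumer URL is not Entity ID + /saml")
    return problems
```
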