SSO terminology
These are terms frequently used when talking about single sign-on (SSO) and the SAML protocol.
- Identity provider (IdP)
- An external system that companies use to host and authenticate user account information. Examples of IdPs include Okta, OneLogin, Cierge, KeyCloak, and Gluu.
- Service provider (SP)
- A system that uses an IdP to authenticate user access to its services, in this case Medallia Experience Cloud.
- Assertion
- The message (SAML XML) from the IdP indicating whether or not the user is authorized to access the service.
- Assertion attribute name
- Name of the XML attribute in the SAML assertion whose value identifies the user account in Experience Cloud.
- IdP issuer
- The Identity Provider Issuer name expected in the SAML response.
- IdP certificate
- An Identity Provider Certificate (public key) necessary to decrypt the SAML response.
- IdP request URL (aka SSO Service URL)
- The URL the SP uses to contact the IdP to request authentication of a user account.
- Inbound SSO
- When a user signs in to an Experience Cloud application (the SP) using an external IdP.
- Outbound SSO
- When an Experience Cloud user connects to an external system without having to sign in to the system. Experience Cloud is the identity provider (IdP) and the external system is the service provider (SP).
- SP issuer
- The URL that users use to connect to the Medallia Web reporting instance, such as:
https://INSTANCE.medallia.com/sso/COMPANY
For more information, see Medallia Web URLs with SSO.
For sandboxes, the URL has the following format:
https://<sandbox-name>.sbx.<data-center>.medallia.<type>/sso/COMPANY/
- SP destination URL
- Also known as "call back URL" or "redirect URL/URI". The URL the IdP uses to contact the Medallia Web reporting instance. It always ends with "logonSubmit.do", like this:
https://INSTANCE.medallia.com/sso/COMPANY/logonSubmit.do
For more information, see Medallia Web URLs with SSO.
For sandboxes, the URL has the following format:
https://<sandbox-name>.sbx.<data-center>.medallia.<type>/sso/COMPANY/logonSubmit.do