Using single sign-on

Medallia Ideas allows users to sign in with an identity provided by your organization. Single sign-on (SSO) allows your users to log in with their organization credentials instead of having to remember a separate username and password specifically for Crowdicity.

What is single sign-on?

Before Medallia Ideas will let someone log into your community it needs to know 2 things:

  1. That the person is who they say they are (authentication).

  2. That the person has permission to log into the community (access).

Single sign-on (SSO) is a way of proving someone's identity (authentication). It allows them to sign into your Crowdicity community using their existing login details, i.e. their company username and password.

With SSO you will still need to give users permission to log into your Medallia Ideas community. You can find out how to do this in Invite people to join your community.

Can I add SSO to an existing community?

Yes, absolutely! You can add an SSO method to your community as soon as you're ready to do so.

What happens to users with existing Medallia Ideas accounts?

As long as the email address from the single sign-on account matches the email address the user entered to register their Medallia Ideas account, Medallia Ideas will match them up with their existing account.

The first time they log in, the user will be prompted to approve the new login method by entering the password from their existing Medallia Ideas account (the email address field will be pre-populated):

[Screenshot: Linking to your existing account, with fields for email address and password, followed by a Continue button]

What will users see when they log in using SSO?

When users visit a community which uses SSO, they'll be presented with an Organisational Login option:

[Screenshot: Sign-in screen with option for 'Organisation login' (selected)]

You can change the name of this login option in Community Settings, in the Authentication tab, in the SAML2 section:

[Screenshot: SAML v2 enable and disable options, and text to display for the label on the sign-in screen for this option]

Clicking Sign In will direct the user to the login page for your organization where they can enter their usual login credentials:

[Screenshot: Company sign-in page]

After logging in successfully, they will be returned to your Crowdicity community. If it's the first time the user has logged in, they will be prompted to agree to the Crowdicity terms and complete their user profile information. When users go to the community login page and click 'Sign in', they will be redirected to your organization's sign-in page.

Getting single sign-on for your community

If you are a community administrator, you will need to contact your organization's IT support team, who will need to set up your organization's systems to work with your Medallia Ideas community.

Direct the relevant person or team to Setting up single sign-on. This guide contains step-by-step instructions on how to set up a single sign-on connection between your systems and Medallia Ideas.

You will also need to provide someone on your IT team with administrator-level access to your Medallia Ideas community so that they can configure the community settings for you.

Supported SSO connections

Crowdicity supports SAML2 and Azure Active Directory. We are also available as an app on OneLogin.

Setting up single sign-on provides downloadable step-by-step instructions on how to set up both SAML2 and Azure AD (via SAML) to work with Medallia Ideas.

FAQs

When are Medallia Ideas accounts created?
Medallia Ideas accounts are created for users the first time that they successfully log in using their organizational username and password.

Do users have to register?
Crowdicity automatically registers new users, creating a Crowdicity account based on the profile information we receive from your identity provider.

How is access to Medallia Ideas managed? Do I have to invite users?
If your Medallia Ideas community is Private (closed), then you need to invite users into the community, even if they are logging in using their organization username and password.

What happens when someone leaves the company? Can they still log in?
If a user has been removed from your organization's active directory, they will not be able to log into their Medallia Ideas account using their single sign-on credentials; in other words, they won't be able to provide authentication.

To allow someone access to your community, you can either invite them using their email address or you can 'whitelist' all email addresses from a specific domain.

What information can you pull through from our system?
This depends on the information stored in your Active Directory, and the way that it is stored. In most cases, we will pull email, first name and surname (or full name). In many cases, we can also populate the Medallia Ideas platform with additional information such as job title, department, or location (if this information is available).

If you remove a user from your community, they will no longer have access to your community. If a user logs into their account another way (i.e. not through SSO), they will log into their Medallia Ideas account, but they won't be allowed into your community.
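
The login outcomes described in this FAQ and in the account-matching section above, modelled as an added example (not Medallia Ideas code): the identity provider proves who the user is, and access to the community is decided separately. The class and function names, the lower-casing of email addresses, and treating a non-private community as open are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Community:
    private: bool
    invited: set = field(default_factory=set)          # individually invited emails
    allowed_domains: set = field(default_factory=set)  # 'whitelisted' email domains
    removed: set = field(default_factory=set)          # users removed by an admin

@dataclass
class Account:
    email: str
    sso_linked: bool = False  # has the user approved SSO as a login method?

def has_access(email, community):
    """Access check, independent of how the user authenticated."""
    if email in community.removed:
        return False
    if not community.private:  # assumption: open communities need no invite
        return True
    domain = email.rsplit("@", 1)[-1]
    return email in community.invited or domain in community.allowed_domains

def sso_login(asserted_email, accounts, community, password_ok=False):
    """Outcome of a login whose identity the IdP has already asserted.

    Returns (account_state, community_access).
    """
    email = asserted_email.strip().lower()  # assumption: case-insensitive match
    account = accounts.get(email)
    if account is None:
        # No existing account: one is created on first successful SSO login.
        accounts[email] = Account(email, sso_linked=True)
        state = "registered"
    elif not account.sso_linked:
        # Existing password account: the user must approve the new login
        # method with the existing password before the two are linked.
        if not password_ok:
            return ("confirm_existing_password", False)
        account.sso_linked = True
        state = "linked"
    else:
        state = "signed_in"
    return (state, has_access(email, community))

# Constructed sample data: a private community and one pre-existing account.
community = Community(private=True, invited={"ana@example.com"},
                      allowed_domains={"corp.example"})
accounts = {"ana@example.com": Account("ana@example.com")}
```

A user who authenticates through SSO but is neither invited nor on an allowed domain still gets an account state of "registered" with community access False, which is the authentication/access split the page describes.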

How can we pull additional information from our system?
If you would like to pull additional information from your active directory, such as a user's title or department, you'll first need to create custom profile fields. Once created, these fields will appear in Community Settings, in the Authentication tab, under SAML2 settings. You will need to map each field to the incoming SAML field to ensure the correct information is pulled over.

[Screenshot: 'Map to user fields' list of Crowdicity fields and their selected SAML field, if any]

Can we lock profile fields so users can't edit them?
Yes. If you're pulling information from an active directory and would like to include existing data in a user's profile, you can lock these fields. You can do this in Community Settings, in the Authentication tab, under SAML2 settings. Simply click the checkbox next to each field you would like to lock.

[Screenshot: Lock checkbox available for each field; two of them are enabled]

How long does it take to set up SSO?
Assuming your systems meet the necessary requirements, the process is straightforward: we have step-by-step documentation to assist your staff in the setup. The length of time needed to set up SSO will depend on the availability and experience of your IT team and the setup of your active directory.

If it is a relatively straightforward setup, it can typically be done in under a day, but if there are additional complications, it could take a number of days or, in rare cases, weeks to resolve.