Single Sign-On (SSO) Setup Instructions

How do I set up SSO for my domain?

  1. Send your request to Support via this form with the subject "SSO Request." In the body of the message, please include:
    1. The domain name for which you want SSO enabled
      (Please include all domains you would like linked if using more than one - e.g., company.com, company-us.com, company-eu.com, etc.) 
    2. Identity provider entity id (IDP Entity ID)
    3. Identity provider SSO callback URL (IDP SSO Target URL)
  2. Please configure the following requirements:
    1. Set Name ID format to EmailAddress
    2. Set firstName, lastName, and email as attributes in SAML assertions
    3. Set IdP Certificate in a .cer or .pem format, if possible
      Note: When generating the certificate, please ensure it is set to use SHA-256 or stronger. If you cannot change this or would prefer another method, let us know.

Once SSO is enabled, everyone using UserTesting with that email domain will need to sign in through SSO. In other words, if the domain is "company.com," everyone with an @company.com address will be required to use SSO.
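
A preflight check for the step 2 requirements, run against a test assertion captured from your own IdP before you send the request. This is an added example, not UserTesting's code; the literal attribute Name strings, the sample assertion, and applying the SHA-256 note to the assertion's SignatureMethod are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"firstName", "lastName", "email"}  # assumed literal Name values
# Assumption: the SHA-256 note is also applied to the assertion's SignatureMethod.
STRONG_SIG = {f"http://www.w3.org/2001/04/xmldsig-more#{k}-sha{n}"
              for k in ("rsa", "ecdsa") for n in (256, 384, 512)}

def check_assertion(xml_text):
    """Return a list of problems; empty means the assertion matches step 2.
    This inspects configuration only and does not verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append(f"NameID Format is {name_id.get('Format')!r}")
        if "@" not in (name_id.text or ""):
            problems.append("NameID value is not an email address")
    sent = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    problems += [f"missing attribute {n}" for n in sorted(REQUIRED_ATTRS - sent)]
    algs = [m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    if not algs:
        problems.append("no Signature element found")
    problems += [f"weak signature algorithm {a}" for a in algs if a not in STRONG_SIG]
    return problems

# Constructed sample (not real data): trimmed assertion from a misconfigured IdP.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"/><saml:Attribute Name="email"/>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE):
        print("FAIL:", problem)
```

Use it only on assertions from your own IdP's test login; it reads configuration and is not a substitute for signature validation on the service provider side.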

 

Frequently Asked Questions

Q: What NameID format should we set?

A: We expect "username" to be sent as an email address.

Q: Should the Name ID format be explicitly specified as email, or is the standard Unspecified format expected? 

A: The Name ID format should be specified as "EmailAddress." 

Q: Are there any additional attribute statements or settings (RelayState/Response/Assertion Signature/etc.) you require or that contain non-standard values? 

A: Yes. Please set RelayState to https://app.usertesting.com/sessions/from_idp if you want to use IdP-initiated login. You'll also need to send first name, last name, and email address as attributes.

Q: What happens if my IdP domain is used for more than one UserTesting Account?

A: If the domain associated with your email address is associated with more than one account, you must invite new users to each account you would like to add them to. You can switch accounts via the dropdown menu in the upper right-hand corner of your dashboard.

Q: Do you support auto-provisioning of users (e.g., SCIM)?

A: Currently, we do not. All users are managed on the Manage Team page within the app. Please note that if a user is removed from your IdP, they will no longer be able to access the platform.

Q: Do you support SP or IdP initiated login?

A: Yes, we support both. For SP-initiated login, please log in at https://app.usertesting.com/users/sso_sign_in. For IdP-initiated login, please set your RelayState to https://app.usertesting.com/sessions/from_idp.

Q: How can I get access to SSO?

A: Any customer with a current UserTesting subscription can request setting up SSO. To learn more about setting up self-service single sign-on (SSO) click here.

Q: Will I need SAML metadata from you to set up this SSO?

A: Yes, our team will provide you with our metadata after reviewing your request.

 

For all other inquiries, please send a message to Support or call us at 800-903-9493.
