Single Sign-On (SSO) Setup Instructions


How do I set up SSO for my domain?

  1. Send your request to Support via this form with the subject “SSO Request.” In the body of the message, please include:
    1. The domain name for which you want SSO enabled
      i. (Please include all domains that you would like linked if using more than one - i.e.,,, etc.) 
    2. Identity provider entity id (IDP Entity ID)
    3. Identity provider SSO callback URL (IDP SSO Target URL)

  2. Please attach to the form: 
    1. Name ID format: EmailAddress
      Note: We require that Name ID format is set to EmailAddress and first and last names are sent as attributes in SAML assertions
    1. IdP Certificate, in a .cer or .pem format if possible
      Note: When generating the certificate, please ensure it's set to use SHA-256 and above. If you are not able to change this, or would prefer another method, let us know.

Please note:  once SSO is enabled, everyone using UserTesting with that email domain will need to sign in through SSO. In other words, if the domain is "," everyone with an address will be required to use SSO.


Frequently Asked Questions:

What NameID format should we set?

We expect "username" to be sent as an email address.

Should the Name ID format be explicitly specified as email, or is the standard Unspecified format expected? 

The Name ID format should be specified as "EmailAddress". 

Are there any additional attribute statements or settings (RelayState/Response/Assertion Signature/etc) you require or that contain non-standard values? 

No. We don’t require any non-standard values.

What happens if my IdP domain is used for more than one UserTesting Account?

If the domain associated with your email address is associated with more than one account, you must invite new users to each account you would like to add them to. You can switch accounts via the dropdown menu in the upper-righthand corner of your dashboard.

Do you support auto-provisioning of users (e.g. SCIM)?

Currently, we do not. All users are managed in the “Manage Team” page within the app. Please note, if a user is removed from your IdP, they will not be able to access the platform.

Do you support SP or IDP initiated login?

We support both, however if you want to use IDP initiated login, please set RelayState to:

How can I get access to SSO?

SSO is available in the Premium package. Contact your Customer Success Manager for more information.


For all other inquiries;

Send a message to Support, or give us a call at 800-903-9493.

Was this article helpful?
4 out of 4 found this helpful



Article is closed for comments.