Single Sign-On with SAML
Streamlined, Secure User Access with SSO
Using SAML-based single sign-on (SSO) with Questionmark OnDemand provides users with streamlined access, simplifies administration and strengthens security.
Single sign-on (SSO) is the ability for one application, the identity provider, to tell another application, the service provider, who you are. In simpler terms: someone you trust authenticates your users for you. SAML is one of the most widely used protocols for web browser single sign-on (SSO). It allows systems to exchange authentication data about users, eliminating application-specific passwords.
With SAML-based SSO, users, including assessment participants, item and assessment authors, reporting users and even administrators, can be:
- authenticated against your IdP to access Questionmark OnDemand
- created "on the fly" in your OnDemand area
- assigned roles based on a SAML attribute
Benefits of SAML SSO with Questionmark OnDemand
How it works
SAML exchanges authentication data between an identity provider (IdP) and a cloud application service provider (SP) that have an established trust relationship.
SSO with SAML involves three parties: a user, an IdP (e.g. Microsoft Active Directory) and an SP (e.g. Questionmark OnDemand). The IdP stores information about the user in a database, and when the user connects to the SP and attempts to authenticate, the SP delegates authentication to the IdP. The IdP validates the user against its identity database and sends a SAML assertion about that user to Questionmark OnDemand, which then gives the user access to the application.
If the user is not yet authenticated against the IdP, a login page is displayed in the user's browser. Typically, login consists of entering a username and password, but it can also include other authentication mechanisms that the IdP supports, such as multifactor authentication.