No login is required to complete Peakon surveys; however, managers must log in to access their engagement analytics dashboards.
With single sign-on, managers with dashboard access will be able to log in with their existing company identity, and will not need to keep a separate set of login credentials for Peakon. This will also allow them to directly access Peakon from your company's central app portal. Peakon integrates seamlessly with any external system capable of acting as a SAML 2.0 identity provider.
It is also possible to mandate single sign-on for all users, including account administrators, so that it is only possible to log in using single sign-on.
About SAML 2.0
SAML (Security Assertion Markup Language) is a popular open standard for authentication and authorisation between two parties. These parties are commonly referred to as an identity provider, such as Microsoft Azure Active Directory, and a service provider application, such as Peakon. The user sign-in flow can be initiated either from the service provider website or directly from an identity provider’s app portal page.
If your existing central identity management system supports the SAML protocol, it can be configured as the single sign-on for Peakon. Popular hosted services with SAML support include, but are not limited to:
- Set up single sign-on with G Suite (Google Apps)
- Set up single sign-on with Microsoft ADFS
- Set up single sign-on with Azure AD through the App Gallery
- Set up single sign-on with Okta
- Set up single sign-on with OneLogin
How to configure single sign-on
While the individual instructions may differ based on the identity provider, the general instructions are as follows:
Click on Administration in the bottom left corner of the Peakon dashboard
Choose Integrations and then select Single Sign-On
Click the Connect button and you’ll be taken to the page you see in the screenshot below
Input your SSO login URL (and optionally SSO logout URL) and certificate
You can also retrieve the entity ID and reply URL (ACS) for Peakon.
Toggling on the Force authentication option will require anyone logging in to the system to go through the login step (typically providing email and password) in the SSO system, even if they have an active session.
Please note: Users who access their dashboards for the first time using their email confirmation link will gain access without having to authenticate using SSO, for that first time only. All subsequent logins require authentication via SSO.
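To confirm that the Force authentication option described above is taking effect, an administrator can capture the redirect sent to the identity provider during a login and inspect the SAML request it carries. The following is an added example, not Peakon's code: it assumes the option maps to the standard SAML 2.0 ForceAuthn attribute and that the request uses the HTTP-Redirect binding. All URLs and the sample request are constructed.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML_BYTES = 64 * 1024  # cap inflated size; real AuthnRequests are small


def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in a redirect URL's SAMLRequest."""
    params = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("URL has no SAMLRequest parameter")
    raw = base64.b64decode(params["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml_bytes = inflater.decompress(raw, MAX_XML_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds size cap")
    return xml_bytes.decode("utf-8")


def force_authn_requested(xml_text):
    """True when the AuthnRequest asks the IdP to re-authenticate the user."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not expected in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    # xs:boolean accepts true/1; an absent attribute means false per the spec
    return root.get("ForceAuthn", "false").strip() in ("true", "1")


def sample_redirect_url(force):
    """Constructed sample: build a redirect URL the way an SP would."""
    attr = ' ForceAuthn="true"' if force else ""
    xml_text = (
        '<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed1" Version="2.0"'
        ' IssueInstant="2024-01-01T00:00:00Z"%s'
        ' AssertionConsumerServiceURL="https://sp.example.invalid/acs"/>'
    ) % (SAMLP_NS, attr)
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(xml_text.encode()) + deflater.flush()
    b64 = base64.b64encode(raw).decode("ascii")
    query = urllib.parse.urlencode({"SAMLRequest": b64, "RelayState": "x"})
    return "https://idp.example.invalid/sso?" + query
```

Pass the full redirect URL copied from the browser's network tools to decode_redirect_request, then pass the result to force_authn_requested.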