No login is required to complete Peakon surveys, however managers must login to access their engagement analytics dashboards.

With single sign-on, managers with dashboard access will be able to login with their existing company identity, and will not need to keep a separate set of login credentials for Peakon. This will also allow them to directly access Peakon from your company's central app portal. Peakon integrates seamlessly with any external system capable of acting as a SAML 2.0 identity provider.

Peakon's Premier clients also have the ability to mandate single sign-on for all users, including account administrators, so that it is only possible to login using single sign-on. 

About SAML 2.0

SAML (Security Assertion Markup Language) is a popular open standard for authentication and authorisation between two parties. These parties are commonly referred to as an identity provider, such as Microsoft Azure Active Directory, and a service provider application such as Peakon. The user sign-in flow can be initiated both from the service provider website as well as directly from an identity provider’s app portal page.

If your existing central identity management system supports the SAML protocol it can be configured as the single sign-on for Peakon. Popular hosted services with SAML support include, but are not limited to:

How to configure single sign-on

While the individual instructions may differ based on the identity provider, the general instructions are as follows:

  1. Click on Administration in the bottom left corner of the Peakon dashboard
  2. Choose Integrations and then select Single Sign-On 
  3. Click the Connect button and you’ll be taken to the page you see in the screenshot below
  4. Input your SSO login URL (and optionally SSO logout URL) and certificate
  5. You can also retrieve the entity ID and reply URL (ACS) for Peakon. 

Toggling on the Force authentication option will require anyone logging into the system to go through the login step (providing email/password, typically) in the SSO system, even if they have an active session.

Please note: Users who access their dashboards for the first time using their email confirmation link, will gain access without having to authenticate using SSO for the first time only. All subsequent logins require the authentication via SSO.

Article: Set up single sign-on with G Suite (Google Apps)
Article: Set up single sign-on with Microsoft ADFS
Article: Set up single sign-on with MS Azure AD
Article: Set up single sign-on with OneLogin
Article: Set up single sign-on with Okta

Did this answer your question?