Configuring single-sign on (SSO)
Customer Thermometer supports SAML SSO authentication.
Setup request
To set this up, we require some configuration to be set on your identity provider and to configure your account to allow for SSO.
Please set the following details on your identity provider application:
- Single Sign On URL:
https://identity.customerthermometer.com/?template=ssologin&req=acs&domain=[domain] - SP Entity ID: customer-thermometer-saml
- Application username: Email
[domain] should be replaced with your domain name. For example: acme.org would set the single sign on URL to: https://identity.customerthermometer.com/?template=ssologin&req=acs&domain=acme.org
Please raise a ticket with Support requesting SSO configuration providing us with the following information:
- Identity Provider Single Sign-On login URL
- This should not be the above URL - but the one provided by your Identify Provider.
- Identity Provider Single Sign-On logout URL
- This could be the same URL as above.
- Identity Provider Issuer
- X.509 Certificate
- Your domain name
User auto-creation
At this time, users whom login via SSO will require to be added to the Customer Thermometer prior to login. They will not be automatically created via SSO.
To add a user to your Customer Thermometer account, see the User Management guide for further details.
SAML with Microsoft Entra ID (Azure Active Directory)
Create a new Enterprise Application within Entra. Under the Single sign-on settings; populate the following details:
https://identity.customerthermometer.com/?template=ssologin&req=acs&domain=acme.org - replacing acme.org with your domain name.- Login URL
- Microsoft Entra Identifier
- Logout URL
- Certificate (Base64)
SAML with OKTA
https://identity.customerthermometer.com/?template=ssologin&req=acs&domain=acme.org - replacing acme.org with your domain name.Name ID Format: EmailAddress
- Sign on URL
- Sign out URL
- Issuer
- Signing Certificate