If your organization uses a SAML Identity Provider that supports SAML 2.0 like Okta, OneLogin, Azure AD / Entra ID, or PingFederate, you can take advantage of the benefits of single sign-on with TINYpulse. Configure the integration once and save employees from password fatigue in having to maintain a separate login for TINYpulse. 

Configure SAML integration

Here are a few pieces of information you may need for your SSO setup:

• Your Assertion Consumer Service URL (ACS), SAML Consumer URL, and/or SAML Recipient (this URL is for the SSO setup only and will not go anywhere if used in a web browser (this is not your ACS URL Validator)): https://app.tinypulse.com/saml/sso/<org_ID>/acs
  • <org_id> is your TINYpulse org ID. If you are not sure about this ID, kindly ask your assigned Customer Success contact, or support@tinypulse.com
• Service Provider (SP) Entity ID: TINYpulse
• NameID format: email
• Application username: email
• “Get Audience” Field (this is not always required): TINYpulse

And this is what we need from your end:

• The {SSO Type} metadata URL
• The date you would like the integration to go live

Just reach out to our Support team with that metadata URL and expected go-live date, you can expect the connection to be activated within a few business days.

If you are on any other Identity Provider like Salesforce or something else, please let us know. We would love to hear more about what our customers are using in order to improve our SAML SSO offering.

Setting up on Azure/Entra

Here's a quick instructional video that's easy to follow. At the 1'15" mark, you'll see this page to which you'll enter the particulars above.

Setting up on OKTA

There are five (5) steps.

1. In your OKTA account, create an app integration (or edit an existing one which is not likely in your case)

2. For URL, please fill in with the URL below

https://app.tinypulse.com/saml/sso/<org_id>/acs

(please ask your assigned Customer Success contact if you don’t know your TINYpulse org_id)

3. If OKTA requires the following fields, here they are:

• Service Provider (SP) Entity ID: TINYpulse
• NameID format: email
• Application username: email
• “Get Audience” Field (this is not always required): TINYpulse

4. Add a user. This should be the same email as the Super Admin's account's email in TINYpulse.

5. Then, you give us the metadata with these steps:

Sign in using SSO

Once you have completed the SAML integration between your identity provider (OneLogin, Okta, PingFederate, or ADFS) and TINYpulse, the next step is to read up on the protocol for signing in. This information will help you guide and assist employees with this process so make sure you are clear about this ever-so-important sign in info!

TINYpulse users who already have passwords

Any of your existing users who have already set their TINYpulse password will be directed back to your Identity Provider's portal if they try to log in directly at https://app.tinypulse.com They will not be able to use their existing TINYpulse password any longer and should just access TINYpulse directly via your company's portal. 

Newly invited TINYpulse users

If you have invited people to TINYpulse after integrating with your SAML Identity Provider, these users do not have to set a TINYpulse password (woohoo!) and will need to sign in and access TINYpulse using your company's Identity Portal. 

For your reference, here is a list of entry points to TINYpulse and the corresponding user experience:

• TINYpulse email: If an SSO user clicks a link in a TINYpulse email (survey, survey reminder, Cheers, private message), we will direct them to the Identity Portal for sign in and then send them to the correct location in TINYpulse. 

• https://app.tinypulse.com: If an SSO user goes directly to app.tinypulse.com without being signed in to your SAML Identity Provider, they will not be able to sign in and they will receive an error message. They need to log in to the Identity Portal first, then they can go to app.tinypulse.com to get to the application. 

• Mobile app: Download the TINYpulse mobile to give feedback and send Cheers on the go. Visit the App or Play Store, download the app, and you will redirect to your company's Identity Portal to log in the first time. Once your authenticated, you will stay logged in until you log out.

• Google Chrome plugin: If you are a Chrome user, you can access TINYpulse surveys, suggestions, and Cheers via a handy browser plugin. Much the same as the mobile app, you will be redirected to your Identity Provider to log in the first time and will stay logged in after that.