For SAML SSO with Microsoft Entra ID (formerly Azure Active Directory) see this page. Please see additional documentation for OKTA (SAML), OKTA (OIDC), OneLogin, Token Based, and ADFS SSO.
Prerequisites
- A SAML enabled IdP, such as ADFS or an In-House Solution
- A UserVoice plan that includes SAML Single Sign-On
- A UserVoice account and admin login
1. Configure your Identity Provider (IdP)
SAML requires all logins to be checked against a token signing certificate that an Identity Provider (IdP) uses to sign the SAML assertions sent to the Service Provider (SP). To set up UserVoice as a SAML Service Provider, you need to upload your Identity Provider’s SAML token signing certificate via the UserVoice Admin Console.
- You will need to get the UserVoice metadata and enter it as specified by your IdP.
The service provider metadata for your UserVoice subdomain can be found here: https://<subdomain>.uservoice.com/saml/metadata.xml
- The most important information there is the UserVoice Assertion Consumer Service (ACS) URL that responds to POST requests: https://<subdomain>.uservoice.com/saml/consume. This could be labeled as the Reply URL, or Third-Party Relay URL.
- Map your user data. UserVoice requires that Users have an email.
email = User’s email address (attribute as it appears in your SAML settings)
guid = User ID (attribute as it appears in your SAML settings -- do NOT use user email)
display_name (optional) = User’s name or username (attribute as it appears in your SAML settings)
avatar_url (optional) = User’s profile picture URL (attribute as it appears in your SAML settings)
The GUID helps to match the user to your system if the email should ever change.
2. Retrieve setup information from your IdP
To set up SAML SSO with UserVoice, you will need the following information from your IdP:
- SSO Remote Sign-In URL
- SSO Remote Sign-Out URL (optional)
- Token Signing Certificate
3. Configure UserVoice (SP) for SAML SSO
SAML requires all logins to be checked against a token signing certificate that an Identity Provider (IdP) uses to sign the SAML assertions sent to the Service Provider (SP). To set up UserVoice as a SAML Service Provider, you need to upload your Identity Provider’s SAML token signing certificate via the UserVoice Admin Console.
Note: This must be done by one of your UserVoice admins. UserVoice support cannot do this for you.
- Go to Admin Console → Settings → General → User authentication
- Select the option Single Sign-On (SSO).
- Input the SSO Remote Sign-In URL of your Identity Provider (required).
- (Optional) Input your SSO Remote Sign-Out URL so that your IdP knows when users log out.
- Upload your Identity Provider’s Token Signing Certificate file.
- Click Save.
4. Test
To test your UserVoice SSO implementation, you must first have users assigned to the UserVoice application/service. Once the above is done, follow these steps for testing your SSO implementation:
- Open an Incognito Browser Window (or sign out of UserVoice and your IdP and open a new window).
- Go to your UserVoice Forum Portal (e.g. https://<subdomain>.uservoice.com).
- If you are not immediately presented with a login page, click Sign in (top-right corner). A popup window should appear. Enter the email address and password of a user that has been assigned to the UserVoice Application. Click Sign In.
- If successful, you should be granted access and taken to the home page. You have successfully set up SAML Single Sign-On for UserVoice.
If you are unsuccessful, reread this guide, verify your configuration and test again. If you are still unsuccessful, see our SAML Troubleshooting Guide.
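When verifying your configuration after a failed test, it can help to check the decoded SAML response from your IdP against the ACS URL and attribute mapping from step 1. The following is an added example, not UserVoice code: the function name and sample values are hypothetical, and it assumes your IdP sets the Destination attribute and sends attribute names exactly as email, guid, display_name and avatar_url. It checks the mapping only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded SAML response from a test login, signature omitted.
# "example" stands in for <subdomain>; every value here is made up.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://example.uservoice.com/saml/consume">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>pat@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="guid">
      <saml:AttributeValue>pat@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="display_name">
      <saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, subdomain):
    """List mapping problems in a decoded SAML response (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    acs = f"https://{subdomain}.uservoice.com/saml/consume"
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL {acs}")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        text = value.text if value is not None else None
        attrs[attr.get("Name")] = (text or "").strip()
    # email is required by the guide; guid is treated as required (assumption).
    for name in ("email", "guid"):
        if not attrs.get(name):
            problems.append(f"missing or empty attribute: {name}")
    email, guid = attrs.get("email", ""), attrs.get("guid", "")
    if guid and guid.lower() == email.lower():
        problems.append("guid equals email: map guid to a stable user ID")
    avatar = attrs.get("avatar_url")
    if avatar and not avatar.startswith(("http://", "https://")):
        problems.append("avatar_url is not a URL")
    return problems


if __name__ == "__main__":
    for problem in check_response(SAMPLE_RESPONSE, "example"):
        print("PROBLEM:", problem)
```

The constructed sample deliberately maps guid to the user's email, so the check reports that one problem.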