Product Guides: 360-Degree Feedback

Single Sign-on Preparation

EchoSpan's Enterprise 360-Degree Feedback and Performance Review tools provide Single sign-on (SSO) support via the SAML 2.0 protocol. Single sign-on makes the use of web applications more convenient and secure by allowing your employees to log in to multiple applications using a single username and password combination.

This document outlines the steps necessary to enable SSO on your account. Please review this document carefully and follow all steps in order to ensure an easy and error-free setup.

Readiness Requirements
To prepare for SSO-integration with EchoSpan, please review the following requirements:

1. Verify that your organization has an existing SAML-based, SSO platform for internal or external applications.

2. Confirm you have a current Enterprise Edition EchoSpan account.

3. You will need to have a complete employee roster ready to provide to EchoSpan for all users that should have SSO access to the tool. On accounts where roster updates are performed automatically via API, this step can be skipped. Make sure that all users in the list provided have unique email addresses.

4. Have your company's SAML Identity Provider (IdP) metadata file ready. EchoSpan uses employee email address as a unique identifier. Your SAML assertions should include the employee's email address in a parameter named EMAIL as well as a static parameter, CLIENTID that will be provided by your client manager and is the same value for all users.

5. Be available to assist with testing your SAML connection to EchoSpan. Getting servers to communicate with one another for SSO can sometimes be tricky. It's not uncommon for connections to require several rounds of tests to make sure everything is working.

Setup Steps
Once you've confirmed that all items in the Readiness Requirements steps above are complete, please follow the steps listed below to configure SSO for your account:

1. Upload your SAML metadata file to your account. Your account's master administrator can upload your SAML metadata file by following the steps below:

  • Log into the EchoSpan administrative tool.
  • Click the "My Account" tab at the top left.
  • Select the "SSO" sub tab on the My Account homepage.
  • Paste the contents of your SAML metadata file into the "Your SAML 2.0 Metadata" text field at the bottom of the screen.
  • Click the "Submit" button to transmit your metadata file to EchoSpan.
  • EchoSpan will contact you within 48 hours about the status of your metadata file import. Sometimes adjustments will need to be made to the file's contents, so please have IT staff available to assist.

2. Download EchoSpan's metadata. To download EchoSpan's metadata file, your master administrator should:

  • Log into the EchoSpan administrative tool.
  • Click the "My Account" tab at the top left.
  • Select the "SSO" sub tab on the My Account homepage.
  • Copy the contents of the "EchoSpan SAML 2.0 Metadata" text field at the top of the page.
  • Configure your identity provider solution to transmit two claims to EchoSpan: 1) EMAIL, which is the user's email address and 2) CLIENTID, which is a numeric code provided to you by your client manager.

3. Upload your employee user list. If your user list is being uploaded via API you can skip these steps:

  • Log into the EchoSpan administrative tool.
  • Click the "Users" tab at the top.
  • Click the "Import/update user(s)" button.
  • Paste your tab-delimited list of users into the upload field.
  • Click the "Submit" button.

4. Manage SSO for end-users. Once SSO is configured, by default your end-users are able to access the EchoSpan tool via local login or SSO. However, you can control the authentication method for individual projects by:

  • Log into the EchoSpan administrative tool.
  • Click the "Feedback Projects" tab at the top.
  • Open the project you want to modify.
  • Select Setup >> Advanced Settings.
  • Expand the "Project Administration" settings section.
  • Modify the "User Authentication" option as desired.
  • Click the "Save Settings" button to commit your changes.

5. Activate SSO for admin users. By default, administrative users log into the EchoSpan tool locally (using the page found here). Once SSO is configured for your account, you can enable SSO login for your administrators. To do this:

  • Log into the EchoSpan administrative tool as the master administrative user.
  • Click the "My Account" tab at the top.
  • Select the "Other Admins" sub tab.
  • Select the authentication method that you prefer using the "Admin Authentication" drop-down box.
  • Advise your IT staff to transmit a RelayState variable with the value "ADMIN" for all authentication requests for administrative users.

6. Update your email templates with the SSO URL. For Identity Provider-initiated connections (the most common configuration), your company will create the URL that will lead users to the EchoSpan tool. This can be pasted into your EchoSpan email templates in place of our standard [[url]] merge field. For Service Provider-initiated connections, EchoSpan will provide you the URL to include in your email templates.

Single Sign-on Costs
Internal-use single sign-on is a complimentary feature of the Enterprise Edition of EchoSpan. Single sign-on services for consultant or distributor accounts are available at a of $4,999 per sub-account, per year.


Last updated: Thursday, January 19, 2017
127
sso, single sign-on, single sign on, sso access
Our website uses cookies
Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing EchoSpan, you agree to our use of cookies.
I Understand More Info