
Single Sign-On


Culture Amp supports Single Sign-On (SSO) for your organization in two ways: sign in with Google, or SAML. It's not possible to configure both methods for the same Culture Amp account. Once SSO has been enabled for your account, it is no longer possible to sign in with an email and password on the Sign In page.

Google (Gmail) Apps Integration

If your organization uses Google Apps, you can use this to log into Culture Amp.

The only requirement is that the email address in Google matches the one provided in Culture Amp. This is usually the case, although users sometimes use an alias. If this occurs, ensure the email address used in Culture Amp is the same as the one used to log in.

To sign in with Google, select "Sign in with Google" at the bottom of the standard sign-in page: https://identity.cultureamp.com/session/sign_in

SAML Integration

NOTE: This feature is only available for customers on the Standard or Enterprise plans.

Culture Amp allows your users to sign in via your SAML 2.0 gateway.

This includes organizations with their own SAML infrastructure, as well as organizations using services such as Okta, Bitium, Microsoft Azure and OneLogin. When SAML is configured, we will give you a unique login link to Culture Amp. Visiting this link will trigger the SSO process and log your users into their Culture Amp account.

We will supply the following information:

  • SAML login URL (the address a user visits to initiate a login)
  • A callback URL (where the SAML provider will send the user’s credentials, for Culture Amp to verify)
  • Audience/Entity ID (the identity of the server that sends the login request; in this case, {subdomain}.cultureamp.com. Microsoft Azure Active Directory services require the ID to be prefixed with https://)

To configure SAML, we simply require a single piece of information, the Identity Provider Details, in the form of:

  • Your SAML metadata URL 

And that's it!

If you have a SAML or system administrator, you can provide them with the information we will supply to you, and have them contact support@cultureamp.com directly to coordinate the integration.

SAML Technical FAQs

  • Does the application support SAML 2.0? Yes
  • Is IDP-initiated Sign-On supported (IDP-initiated would be you go into Okta and click on the Culture Amp application to log in)? Yes
  • Is SP-initiated Sign-On supported (SP-initiated is when you visit subdomain.cultureamp.com, you get bounced to an SSO login screen and then returned to Culture Amp)? Yes
  • What assertions need to be sent in the SAML token? urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • Does the application support SSO Federation? Yes
  • Is the application available in the Azure AD Application Gallery? No

Configuring ADFS to support Service Provider Initiated SSO


