If your organization uses a SAML Identity Provider like Okta or PingFederate for app consolidation and password storage, you can take advantage of the benefits of single sign on with TINYpulse. Configure the integration once and save employees from password fatigue in having to maintain a separate login for TINYpulse.
Configure SAML integration
If your company's SAML Identity Provider is Okta, PingFederate, or ADFS you're in luck! TINYpulse supports SAML integration with these IPs, so just reach out to your friendly customer success manager to get set up.
If you're on any other Identity Provider like OneLogin or Salesforce, or something else, please send us an email. We'd love to hear more about what our customers are using in order to improve our SAML SSO offering.
Sign in using SSO
Once you've completed the SAML integration between Okta/PingFederate and TINYpulse, the next step is to read up on the protocol for signing in. This information will help you guide and assist employees with this process so make sure you're clear about this ever-so-important sign in info!
TINYpulse users who already have passwords
Any of your existing users who have already set their TINYpulse password can continue using that TINYpulse password indefinitely, or they may take advantage of SSO and sign in via your org's Identity Portal.
These users don't have to change their behavior and log in using SSO unless they choose to, or you as an administrator choose for them. We can clear the existing TINYpulse passwords for employees in your org to force everyone on to SSO if you'd like, so just let your customer success manager know and we'll work with you to get that done. But it's up to you!
Newly invited TINYpulse users
If you've invited people to TINYpulse after integrating with your SAML Identity Provider, these users don't have to set a TINYpulse password (woohoo!) and will need to sign in and access TINYpulse using your company's Identity Portal.
For your reference, here's a list of entry points to TINYpulse and the corresponding user experience:
- TINYpulse email: If an SSO user clicks a link in a TINYpulse email (survey, survey reminder, Cheers, private message), we'll direct them to the Identity Portal for sign in and then send them to the correct location in TINYpulse.
- https://app.tinypulse.com: If an SSO user goes directly to app.tinypulse.com without being signed in to your SAML Identity Provider, they will not be able to sign in and they'll receive an error message. They need to log in to the Identity Portal first, then they can go to app.tinypulse.com to get to the application.
- Mobile app: SSO users can't log into the TINYpulse mobile app just yet. But don't worry! We're working on it. However, anyone who has a TINYpulse password (those users who set one before your SAML integration was configured) can still use the mobile app normally, logging in with their TINYpulse password.
SSO and the TINYpulse mobile app
ICYMI in the last section, use of the TINYpulse mobile app in conjunction with SAML SSO is currently limited (was that enough abbreviations for one sentence?).
If a user who previously set a TINYpulse password before your org integrated with Okta or Ping Identity, they may still log in to the mobile app normally. They won't be affected. If a user was invited to TINYpulse after the SAML integration, they won't be able to use the mobile app (yet). We understand this is inconvenient for those wanting to TINYpulse on the run, so we're hard at work making adjustments.
Thanks for working with us in this early version of the SAML integration! We appreciate your support and understanding as we make improvements to make the experience even better.