Buckle in for a technical adventure! Today, we’re mapping SSO attributes to CX Dashboard metadata (formerly known as CX user attributes.)
Use case
The most popular use case for this solution would be to automatically assign CXD roles for users. In real life terms, let’s imagine we have two departments - marketing and sales - who use the same dashboard. While sales people are interested in all data, including personal information to specifically learn about their clients, marketing only needs access to aggregated data. In order to distinguish between the two roles and differentiate the permissions, we can pull the department information from the SSO settings.
Your IT team will have to ensure that there is one unique attribute for each, such as “user.department”, “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department”, or simply: “department”.
Once you have that attribute set up, will move on to Qualtrics. To learn more about SSO attributes, see one of my previous posts.
SSO settings
In order to first access the SSO attributes:
- Navigate to the Admin tab (you will have to have Brand Admin privileges.)
- In Admin, go to Organization settings and SSO.
- Click on the three dots next to the desired SSO connection and click Edit.
- Scroll down to the bottom and enable: “Capture additional attributes for dashboards”.
- Once enabled, you can provide a unique identifier. This is useful if your brand uses Just in Time provisioning (automatic user enrollment), but not necessary if you are just adding dashboard attributes. The unique ID is the dashboard identifier. You could’ve chosen to use the employee ID, user ID, username – as long as it’s present in your identity provider’s settings and it’s unique for every user, it will work!
- Now for the actual attributes; work with your IT team or reference your identity provider platform (Google, Microsoft, OKTA, etc.) to check what attribute you will want to capture from SSO.
- Again, you can also cross-reference my previous post about SSO attributes. In our case, we’re mapping the imaginary department field.
- Don’t forget to click apply!
Important: Make sure that the attribute you specify in Qualtrics matches the one on the identity provider’s side. Email is not the same as mail, and userID will not capture user_ID.
Last steps
Now that you enabled the attribute mapping, picked both the identifier and the attributes you want to capture, go ahead and log in to your dashboard with SSO. This step is essential! Without logging in first and letting Qualtrics establish a handshake with your identity provider, you won’t see the mapped attributes in the dashboard settings. Lastly, go ahead and follow the steps listed on this support page to finish the setup in CX Dashboards. That’s it -- you’re all set!
Fact checked by Yuki Suzuki, Qualtrics’ Resolutions Analyst, on February 3rd 2025
