Employee SSO setup in pulse check

Question

We are currently setting up a pulse check as engagement project. Meanwhile, we are also configuring SSO. Now I have few questions on the details of the SSO authenticator in the survey flow. If we do not tick the “Associate respondent with person by field” option, could anyone in the employee directory then access the survey after successful SSO? 	Is it possible that the survey can be taken by some employee without prior adding them as participant to the project? If I understood correct, this would be possible if we use the anonymous link, send it from another mailing system than Qualtrics to all employees (so that they do not need to be added to the project) and have the SSO authenticator element without option  “Associate respondent with person by field” ticked. As long as the employee has a contact within the employee directory, it should be possible to start the survey, correct?	The contacts in the employee directory do have custom metadata fields such as department. We have enabled pseudoanonymization, however, this does not include the department as we would like to populate it for each response so that we can use it in the dashboard. Is it sufficient to define the department field as embedded data within the survey flow after the SSO authenticator element? So does the authenticator match the person who tries to access the survey with some existing contact of the directory so that we can work with the embedded data of this contact? We do not want to pass department information via SSO “Capture respondent identifying info” as we already have all information integrated to the contacts. I know that it would be the easiest way to just test, however, as long as the setup is not finalized, I would like to already get some better understanding.Thank you.

chackbusch · Accepted Answer

Let me just answer the questions myself:In this case the authenticator would just ensure that people who can login to the organization can access the survey. It would not do any checks against the participant list.Anyone who can authenticate with SSO could take the survey if the option“Associate respondent with person by field” is not selected. The person does not need to be a participant. However, in this case the response is not associated with a response and therefore it can not be ensured that the same person does not take the survey multiple times.SSO authenticator does not have the functionality to create participants based on the data it pulls. This means that without having the participants added prior to taking the survey, no contact metadata can be associated with a response. The only option would be to pass the information as SSO attribut.

chackbusch · Answer

Let me also summarize the requirements again:Anonymous link must be used as the survey needs to be published outside of QualtricsSSO authenticator must be used as only employees from the directory should be able to accessWe use pseudoanonymization as we do not want to have the personal data available for each responseWe want to track specific contact fields (e.g. department) which are not part of the pseudoanonymizationI would think that we could set up the survey flow examplarily as below.

Sign up

Login to the Community

Scanning file for viruses.

This file cannot be downloaded