ArticlesSet up single sign-on (SSO)

Explore other articles on this topic.

5.11.2025Knowledge

Single sign-on (SSO) is an add-on feature. To enable it for your organization, contact your HappyOrNot contact person. Note that the prerequisites below must be done before it can be enabled. 

 NOTE: As part of our ongoing security practices, HappyOrNot Analytics service provider SSO certificates are rotated every other year to ensure secure and trusted connections between systems. The next certificate update is scheduled for December 7, 2025, so we recommend that you add the new certificate (happyornot-sso-client-certificate-2025) before December 7th and keep both certificates active until at least December 8th to ensure a smooth transition and uninterrupted access. 

When you use single sign-on (SSO), your employees can log in to HappyOrNot Analytics with their normal login credentials without having to create new credentials. Through SSO, your organization can also utilize existing multi-factor authentication (MFA) systems to increase security when accessing HappyOrNot Analytics. 

HappyOrNot Analytics supports all identity providers that support SAML 2.0.

Pre-requisites

Before  SSO can be set up for your organization, you need to create a SAML 2.0 integration for your identity provider. To do this, follow the instructions for your identity provider. 

Microsoft Azure (external link) 

Google Workspaces (external link)

Okta (external link)

Amazon Web Services IAM Identity Center (external link)

Needed HappyOrNot Analytics Service Provider (SP) information can be found or imported from the attached XML file.

Optional signing and encryption for extra security can be configured using the attached .pem file.

Set up SSO in HappyOrNot Analytics

  1. Go to Admin > Organization settings.
  2. Under Single Sign-on SAML Configuration, select Edit.
  3. Upload the user information as an XML file that you have exported from your identity provider (recommended) or enter the information manually. 
  4. Select Request signing and token encryption, if supported by your identity provider. Signing and encryption are optional, but highly recommended. Signing provides integrity and authenticity, while encryption ensures confidentiality.   
  5. Select Save.

Change the login method for users

Once SSO has been set up in HappyOrNot Analytics, you can choose which users can sign in through SSO and which will have separate HappyOrNot credentials.

IMPORTANT: If you change a user's login to SSO and there is something wrong with your SSO set-up, they will not be able to log in to HappyOrNot Analytics anymore. We recommend that you test your setup with another user before changing your own login method. 
  1. Admin > Users and select Manage Login Methods.
  2. Select which login method you want to use for the users. You can either change the method for all users or only for those with certain email addresses.
  3. Select Apply.

If the user already has HappyOrNot credentials, their previous password will stop working when you change their login method to SSO.


Attachments
/sfc/servlet.shepherd/version/renditionDownload?rendition=THUMB120BY90&versionId=068QA000002ihEkYAI

happyornot-sso-client-certificate-2023

/sfc/servlet.shepherd/version/renditionDownload?rendition=THUMB120BY90&versionId=068QA00000ScnFoYAJ

HappyOrNot_SSO_metadata_2025-10

/sfc/servlet.shepherd/version/renditionDownload?rendition=THUMB120BY90&versionId=068QA00000ScrsoYAB

happyornot_client_sso_certificate_2025

Topics
Organization settingsHappyOrNot AnalyticsAdd-on FeaturesSingle Sign-onIntegrations

Can't find the information you're looking for? Email support@happy-or-not.com to contact our Support.