Skip to main content
All CollectionsMentimeter for Teams and EnterprisesSSO and SCIM
Single Sign-On (SSO) for Admins (Enterprise plans only)
Single Sign-On (SSO) for Admins (Enterprise plans only)

Learn about Single Sign-On and understand how to set it up for your Mentimeter workspace.

Daniel avatar
Written by Daniel
Updated over a month ago

Single Sign-On (SSO) allows users to log in to multiple applications with a single set of credentials, enhancing security and simplifying user management. Learn how to integrate your SAML 2.0 compliant identity provider (e.g., Okta, Azure AD).

Note: SSO is available only with the Mentimeter Enterprise plan.

Key features of our SSO setup

Multi-Tenancy: Multiple workspaces from the same organization can now independently manage their own SAML SSO configuration with enhanced security.

Simplified and Controlled Setup: Enforcing domain control for workspaces using the new SSO setup ensures a smoother and more secure configuration process.

How SAML SSO Works with Mentimeter - SP initiated

  1. When a user tries to access Mentimeter via SSO, Mentimeter sends a SAML (Security Assertion Markup Language) request to your identity provider (IdP).

  2. The IdP then verifies the user’s credentials and sends a response back to Mentimeter confirming the user’s identity.

  3. Once Mentimeter receives this confirmation, it grants access, allowing the user to log in to their Mentimeter account seamlessly.

Prerequisites:

For further details on how to set up SSO, please refer to this article.

Information for Admins & Owners

Deactivating users

Users can be deactivated from accessing Mentimeter. After a user leaves your organization and should no longer have access to their Mentimeter account or content, the owner or admins of the subscription can deactivate the user via the admin dashboard.

A deactivated account can only be reactivated by the owner/admin or deleted on request. Remember to retrieve all content created by a user that is to be deactivated. If the user wishes to continue using Mentimeter, they will need to create a new account.

After implementing SSO, downgrading users to the Free version of Mentimeter is not possible. Admins are only able to deactivate users. A deactivated account does not occupy a license, therefore that license can be re-distributed.

Note: Deactivating users is a severe action and we advise you to use it cautiously and make sure that all content and results from the user are shared with the organization before the deactivation.

Workspace Discoverability

Make your workspace discoverable to your users who are registered on domains controlled by your organisation. Find our more here on how you can enable Workspace Discoverability in the Workspace Settings page.

FAQs

Does implementing SSO mean that all users (Enterprise, Basic, Pro, and Free users) from the organization will have to authenticate via SSO?

No. The SSO connection will be implemented on the Enterprise workspace only, so all users outside of that subscription will continue using Mentimeter with their individual, non-SSO accounts. If everyone should authenticate with SSO, all users should be transitioned to the Enterprise workspace. If you have specific needs or want more information about this then reach out to your dedicated point of contact at Mentimeter.

Are there any restrictions or limits on what networks can access via SSO login?

Mentimeter uses SAML protocol to exchange authentication information between an identity provider (IdP) and Mentimeter, the service provider. If the organization’s sign-in process only allows company computers to log in via their network, all users who are expected to use Mentimeter should be aware of that restriction. Mentimeter does not have any restrictions regarding computer types or networks entering through SSO.

You can increase the added security layer here from your IdP by ensuring that you have the right access groups connected to the SAML setup.

Who controls which users can successfully authenticate and join the SSO workspace?

The organization’s internal Access Management team/Identity Provider. With the implementation of SSO, Mentimeter will only read responses from the organization’s IdP. If that response is positive, the user will be let in. If the response is negative, the user will receive an error message. Who should have access to Mentimeter and be granted permission to use the platform via SSO is fully done on the organization’s side.

Will older Mentimeter users keep their previously generated data and presentations when moving to the new SSO workspace?

Yes. Existing Mentimeter users will transition to the SSO team with all of their presentations and data as long as the email addresses used are the same both in the organization’s IdP and Mentimeter. The only thing that won’t get transferred is any customized themes previously created.

If a person has left the organization, can the content and data from that account be accessed by an Admin or Owner?

At the moment we do not provide the technical assistance of retrieving data from a deactivated user. Do note that if a person leaves the workspace, then the shared content and assets are automatically transferred to the owner of the workspace.

If a person has left the organization, will their account be deleted automatically?

No. The user will no longer be able to authenticate successfully if their permissions on the organization’s side have been removed, but the account will continue to exist in Mentimeter. Admins and Owners have the right to request the hard deletion of such accounts by sending a request to hello@mentimeter.com, or deactivating that user so the account doesn’t occupy a license anymore. Note that you can enable this action to be automatic with SCIM, learn more here [link to SCIM article]

Can a user be downgraded from the Enterprise SSO workspace to a Free account?

As a default, users can only be deactivated under SSO, but not downgraded outside of that workspace. However, Admins and Owners of an Enterprise workspace can if they want to be able to downgrade users to Free accounts. Ask for more information about this from your dedicated point of contact at Mentimeter.

Can a user (who had created their account before SSO) access their account via password after being deactivated from SSO? Will the password still function?

No. Deactivating a user will deactivate them from accessing that account entirely. During login, they will receive an error message “User is deactivated by an administrator. Please contact your organization’s IT department.”

Can SSO users change the email address associated with their account?

No. After joining the SSO workspace the user’s permissions will be controlled through the organization’s IdP and no longer through Mentimeter. If a user needs the email address of their account to be changed, that change should be done by the Access Management team within the organization and in accordance with the internal best practices and regulations. If it is a change coming from the IdP (i.e. a change of name) then this change happens automatically the next time the user signs in.

Will accounts that have used generic/functional mailboxes for their registration process be able to continue using Mentimeter under SSO?

No, unless those functional emails are granted permissions in the organization’s IdP.

Can users be invited to join the SSO workspace via email invitation?

Yes. On top of the join link, you can also manually invite users through the Manage Members page.

Can an Admin or the Owner change the SSO join link or the name of the workspace?

Yes. The name of your SSO workspace and the join link are visible and can be changed, by the Admins and Owner, through the ‘Change settings’ button, under “Your workspace”. Please note that if you change the URL, after using another one for a while, users that use the old join link will get the ‘page not found’ error, so please inform them in advance that the way to login to Mentimeter will change.

Did this answer your question?