As our security chief has said that they won't allow LDAP tie-in with the limesurvey for user import, then am wondering can you pull user info from AD to CSV, including the password and then have the password set as token field? Or LS cannot read that part/that atribute is not obtainable?

Second question is how does SAML work, as I will be merely the one who starts creating the surveys while the server admins handle the backend, then I am relatively clueless?

If I create a survey then how do the user use their own credentials to login to the survey? Are they created automatically if they use the survey invite link or do the users have to be imported already for the survey before SAML can be used?
Can the users be imported via a push script when using SAML from AD?

I do appologise when all of this has been asked before, but whether I am too dumb to find the answers or form the right search words, then I couldn't find the answers. If there are already some info, please point me at the right direction.

kohuke wrote: As our security chief has said that they won't allow LDAP tie-in with the limesurvey for user import, then am wondering can you pull user info from AD to CSV, including the password and then have the password set as token field?

Let's first check what you want to do.
You have a LimeSurvey installation (which LS version and where is LimeSurvey installed?).
And you have ActiveDirectory user, which you want to allow things to do with LimeSurvey.

These AD user should create surveys, right? You mentioned tokens. LS tokens are for participating in surveys as a respondent. That would be a different scenario. But to answer your question, the AD passwords are not readable to pull into different applications. It's not a good idea to pull user passwords into a token list (not as token nor as an attribute).

For the current status of SAML plugins please conside contacting LimeSurvey GmbH support directly. They might can offer something uptodate.

As the admins have not given me the access to the live environment which we are building, then based on what I have as the test option - it would be: Version 3.15.8+190130 and running on a linux server.

I would actually want the AD users to be able to respond to certain surveys only, if it is even possible. I don't really want our users poking around other way.
Not sure really (yet) how much is it possible to restrict the user created for LS to browse around else where.

As we have multiple OUs for different companies and secondary domain as well, then importing all of the users via CSV is not that "decent" option. Hence am looking for a way to tie AD users to the survey without using LDAP import or using a CSV-file at the same time providing them with a secure login, so that a friend can't make a joke if they happen to know the token like "personal code".
Send email to this amount of users that there is a survey to respond to will also (even if told before hand) cause upset and make lot of work for our service desk when people complain about spam/scam mail (which they might mistake the survey invitation).
As majority of our users have this issue "why do I have to do few extra clicks to enter someplace" to use the method of just signing up publicly.

Looking for possible option as I need to present some possibilities to our admins so they can config it.

To restricts access to the survey for respondents, you will use tokens.
If your users and you currently don't share a secret and unique token from other scenarios (password of AD is ruled out), you will need to create a token and distribute it.

Allowing the respondents to selfregister might be an option. There is a plugin (never used it), which was mentioned in the forum before.
framagit.org/SondagePro-LimeSurvey-plugin/registerQuick

jelo wrote: Allowing the respondents to selfregister might be an option. There is a plugin (never used it), which was mentioned in the forum before.
framagit.org/SondagePro-LimeSurvey-plugin/registerQuick

Just set the mirroring

gitlab.com/SondagesPro/SurveyAccess/registerQuick