Single Sign-On (SSO) allows your employees to log in automatically to Quantum Workplace using the login credentials they already use within your organization.
In this article:
- Overview
- Enable SSO
- Disable SSO for Your Organization
- How SSO Works
- Information for IT Professionals
Overview
Once enabled, Single Sign-On, SSO, allows your employees to automatically log in to Quantum Workplace using login credentials that they are already using for your organization.
This means your employees won't need to remember a separate set of login credentials to access Quantum Workplace.
Enable SSO
To enable SSO for your organization:
- Click and expand Administration in the left-hand navigation menu
- Click Integrations in the expanded menu
- From the Integrations screen, click the Single Sign-On (SSO) card to launch an SSO enablement workflow
Step 1: Choose Your Identity Provider
Select your Identity Provider by clicking and expanding the drop-down menu.
Quantum Workplace's self-serve SSO option is available for the following Identity Providers:
If your Identity Provider is not listed above, the self-serve option is not available.
However, you can select Other in the drop-down to initiate the SSO implementation by coordinating with Quantum Workplace's team.
If you select Other, Quantum Workplace requires the contact information for your organization's point-of-contact, your Identity Provider, and a URL for your organization's metadata.
Click Next Step to continue.
Step 2: Send Quantum Workplace Your Metadata
After selecting your Identity Provider, upload a file of your metadata by clicking Browse Files and selecting the metadata file.
Upload your file and click Next Step to continue.
Step 3: Name ID Configuration
With your metadata in place, specify the unique identifier used when configuring SSO for your organization. The chosen identifier is used to verify that a user is active and authorized on the organization's side.
Click and expand the Name ID Configuration drop-down to select the identifier.
EmployeeID is recommended as the value is consistent and typically doesn't change.
Step 4: SSO Configuration Review
In the final step, verify your SSO configuration. This includes confirming your Identity Provider and its unique identifier.
Click Activate SSO.
A Mission Accomplished modal will appear when your SSO has been successfully established. If an error occurs, these will be listed and should be addressed by your IT team to make the necessary corrections.
Disable SSO
You can disable and reactive your organization's SSO at any time.
To disable SSO for your organization:
- Click and expand Administration in the left-hand navigation menu
- Click Integrations from the expanded menu
- From the Integrations screen, click the Single SIgn-On (SSO) card to view your organization's active SSO configuration
- Click Deactivate SSO
How SSO Works
Logging In
If an employee is already logged in to their Identity Provider, the employee only needs to enter their username to be automatically logged in to Quantum Workplace.
If an employee is not logged in to their Identity Provider, the employee must enter their username and password to log in to Quantum Workplace.
Note: Depending on your organization's settings, you may see a different SSO option.
Email Notifications
Whether an employee is logged in to an Identity Provider or not also affects how employees interact with links in email notifications.
For example, consider an employee who receives an email about an open survey.
If the user is logged in to their Identity Provider, the user is taken directly to the survey when they click Take Survey. If a user is not logged in to their Identity Provider, they are prompted to log in before being navigated to the survey when they click Take Survey.
Additionally, employees can also access Quantum Workplace through the Identity Provider's portal.
Information for IT Professionals
We support SAML v2.0 protocol, but we do not support the older v1 or v1.1 protocols.
We DO NOT support “just in time” user provisioning through SSO.
Quantum Workplace platform users are manually created in the platform by your Quantum Workplace platform administrator(s) unless other methods are agreed upon (e.g., HRIS integration, QW en masse, etc.)
Definitions:
Identity Provider (IdP) refers to a system that creates and manages identity information for principals while providing authentication services to relying on party applications within a federation or distributed network. An identity provider offers user authentication as a service. Common Identity Providers include Azure Active Directory (Azure AD), OneLogin, Ping Identity (PingFederate/ PingAccess), G Suite (Google), Okta, and ADFS.
Service Provider (SP) refers to Quantum Workplace.