1. Help Library
  2. General
  3. Integrations and Extensions

Single Sign-On (SSO)

Single Sign On (SSO) allows your employees to log in automatically to Quantum Workplace using the login credentials they already use within your organization.

In this Article: 

What is SSO? 
How SSO Works
Information for IT Professionals
How to Implement SSO


What is SSO?

Once enabled, Single Sign On (SSO) allows your employees to automatically log in to Quantum Workplace using login credentials that they are already using at your organization. This means your employees won't need to remember a separate set of login credentials to access Quantum Workplace. 

How SSO Works

If an employee is already logged in to their Identity Provider, their Identity Provider will route them automatically into Quantum Workplace: 

sso-logged-in-already

 


If your employee is not already logged in to their Identity Provider, they will be prompted to log in with their Identity Provider in order to access Quantum Workplace: 

sso-not-logged-in-yet


When your employees receive an email prompting them to do something in Quantum Workplace, clicking the call to action will either route them directly into Quantum Workplace (if they are already logged in with their Identity Provider) or will prompt them to log in to their Identity Provider in order to access Quantum Workplace. 



Your employees can also access Quantum Workplace through your Identity Provider's application portal: 
sso-login-via-portal

Information for IT Professionals

We support SAML v2.0 protocol, but we do not support the older v1 or v1.1 protocols. We DO NOT support “just in time” user provisioning through SSO. Quantum Workplace platform users are manually created in the platform by your Quantum Workplace platform administrator(s) (unless other methods are agreed upon (e.g., HRIS integration, QW en masse, etc.)

Definitions:

Identity Provider (IdP) refers to a system that creates and manages identity information for principals while providing authentication services to relying party applications within a federation or distributed network. An identity provider offers user authentication as a service. Common Identity Providers include Azure Active Directory (Azure AD), OneLogin, Ping Idenity (PingFederate/ PingAccess), G Suite (Google), Okta, and ADFS. 

Service Provider (SP) refers to Quantum Workplace. 


How to Implement SSO

 We have specific instructions for establishing SSO with the following Identity Providers: 
ADFS (Active Directory Federation Services)
Azure Active Directory
Okta 

Our general process for implementing SSO is as follows: 

  1. You will use our production environment metadata information to set up the configuration on your side using EmployeeID, Username, or Email Address as the NameID. (This is a unique identifier that each user has. This will be passed to QW behind the scenes. It is used to verify that a user is active and authorized on your side. We prefer EmployeeID since those rarely change.)

    QW Production metadata:
    https://auth.quantumworkplace.com/saml/metadata

  2. Once the configuration is set on your end, you will send us a link to your metadata (or a download of the file), and we will set up our configuration based on the information contained in the metadata file.
  3. Test the configuration.  If there are any issues or errors, please take a screenshot of the error message that you see (include the URL in the screenshot and note the date and time you received the message) and send it to your Quantum Workplace contact. We will check our logs to see if the issue in the configuration is on our side or yours.

The configurations on the QW side are stored as data, so there are no release schedules or restrictions that QW needs to adhere with in order to roll out SSO implementations.