Single Sign-On (SSO) allows your employees to log in automatically to Quantum Workplace using the login credentials they already use within your organization.
In this article:
- How SSO Works
- How to Enable SSO for Your Organization
- How to Disable SSO for Your Organization
- Information for IT Professionals
Once enabled, Single Sign On (SSO) allows your employees to automatically log in to Quantum Workplace using login credentials that they are already using at your organization.
This means your employees won't need to remember a separate set of login credentials to access Quantum Workplace.
Learn about configuring and enabling SSO in Quantum Workplace.
How SSO Works
If an employee is already logged in to their Identity Provider, their Identity Provider will route them automatically into Quantum Workplace:
If your employee is not already logged in to their Identity Provider, they will be prompted to log in with their Identity Provider in order to access Quantum Workplace:
When your employees receive an email prompting them to do something in Quantum Workplace, clicking the call to action will either route them directly into Quantum Workplace (if they are already logged in with their Identity Provider) or will prompt them to log in to their Identity Provider in order to access Quantum Workplace.
Your employees can also access Quantum Workplace through your Identity Provider's application portal:
How to Enable SSO for Your Organization
Begin by clicking and expanding the Administration menu in the left-hand navigation menu, then click Integrations. From the Integrations screen, click the Single SIgn-On card.
Step 1: Choose Your Identity Provider
Select your Identity Provider by clicking and expanding the drop-down menu.
Quantum Workplace's self-serve SSO option is available for the following Identity Providers:
If your Identity Provider is not listed above, the self-serve option is not available.
However, you can select Other in the drop-down to initiate the SSO implementation by coordinating with Quantum Workplace's team.
If you select Other, Quantum Workplace requires the contact information for your organization's point-of-contact, your Identity Provider, and a URL for your organization's metadata.
Click Next Step to continue.
Step 2: Send QW Your Metadata
After selecting your Identity Provider, upload a file of your metadata by clicking Browse Files and selecting the metadata file.
Upload your file and click Next Step to continue.
Step 3: Name ID Configuration
With your metadata in place, specify the unique identifier used when configuring SSO for your organization. The chosen identifier is used to verify that a user is active and authorized on the organization's side.
Click and expand the Name ID Configuration drop-down to select the identifier.
EmployeeID is recommended as the value is consistent and typically doesn't change.
Step 4: SSO Configuration Review
In the final step, verify your SSO configuration. This includes confirming your Identity Provider and its unique identifier.
Click Activate SSO.
A Mission Accomplished modal will appear when your SSO has been successfully established. If an error occurs, these will be listed and should be addressed by your IT team to make the necessary corrections.
How to Disable SSO for Your Organization
You can disable and reactive your organization's SSO at any time.
Return to the Integrations menu under Administration in the left-hand navigation menu. Click the Single Sign-On card to view your organization's active SSO configuration.
Click Deactivate SSO.
Information for IT Professionals
We support SAML v2.0 protocol, but we do not support the older v1 or v1.1 protocols.
We DO NOT support “just in time” user provisioning through SSO. Quantum Workplace platform users are manually created in the platform by your Quantum Workplace platform administrator(s) unless other methods are agreed upon (e.g., HRIS integration, QW en masse, etc.)
Identity Provider (IdP) refers to a system that creates and manages identity information for principals while providing authentication services to relying on party applications within a federation or distributed network. An identity provider offers user authentication as a service. Common Identity Providers include Azure Active Directory (Azure AD), OneLogin, Ping Identity (PingFederate/ PingAccess), G Suite (Google), Okta, and ADFS.
Service Provider (SP) refers to Quantum Workplace.