1. Help Library
  2. General
  3. Integrations and Extensions

Single Sign-On (SSO)

Single Sign On (SSO) allows your employees to log in automatically to Quantum Workplace using the login credentials they already use within your organization.

In this article:


What is SSO?

Once enabled, Single Sign On (SSO) allows your employees to automatically log in to Quantum Workplace using login credentials that they are already using at your organization. This means your employees won't need to remember a separate set of login credentials to access Quantum Workplace. 

How SSO Works

If an employee is already logged in to their Identity Provider, their Identity Provider will route them automatically into Quantum Workplace: 

HubSpot Video

 


If your employee is not already logged in to their Identity Provider, they will be prompted to log in with their Identity Provider in order to access Quantum Workplace: 

HubSpot Video


When your employees receive an email prompting them to do something in Quantum Workplace, clicking the call to action will either route them directly into Quantum Workplace (if they are already logged in with their Identity Provider) or will prompt them to log in to their Identity Provider in order to access Quantum Workplace. 

About this survey reminder-1



Your employees can also access Quantum Workplace through your Identity Provider's application portal: 
HubSpot Video

Information for IT Professionals

We support SAML v2.0 protocol, but we do not support the older v1 or v1.1 protocols. We DO NOT support “just in time” user provisioning through SSO. Quantum Workplace platform users are manually created in the platform by your Quantum Workplace platform administrator(s), unless other methods are agreed upon (e.g., HRIS integration, QW en masse, etc.)

Definitions:

Identity Provider (IdP) refers to a system that creates and manages identity information for principals while providing authentication services to relying on party applications within a federation or distributed network. An identity provider offers user authentication as a service. Common Identity Providers include Azure Active Directory (Azure AD), OneLogin, Ping Identity (PingFederate/ PingAccess), G Suite (Google), Okta, and ADFS. 

Service Provider (SP) refers to Quantum Workplace. 


How to Implement SSO

 We have specific instructions for establishing SSO with the following Identity Providers: 

Our general process for implementing SSO is as follows: 

  1. The Quantum Workplace production environment metadata information is listed below, you may need this to set up the configuration on your side (depending on your Identity Provider).  Use EmployeeID, Username, or Email Address as the NameID. (This is a unique identifier that each user has. This will be passed to QW behind the scenes. It is used to verify that a user is active and authorized on your side. We prefer EmployeeID since those rarely change.)

    QW Production metadata:
    https://auth.quantumworkplace.com/saml/metadata
  2. Follow these steps to enable the configuration within Quantum Workplace.

  3. Test the configuration.  If there are any issues or errors, please take a screenshot of the error message that you see (include the URL in the screenshot and note the date and time you received the message) and send it to your Quantum Workplace contact. We will check our logs to see if the issue in the configuration is on our side or yours.

Note: Custom configurations on the QW side are stored as data, so there are no release schedules or restrictions that QW needs to adhere to in order to roll out SSO implementations.  Please contact your Customer Success Manager or support@quantumworkplace.com for setting up a custom Identity Provider not listed.