Integrations and Extensions
      Back to home
      1. Help Library
      2. General
      3. Integrations and Extensions

      Single Sign-On (SSO)

      Single Sign-On (SSO) allows your employees to log in automatically to Quantum Workplace using the login credentials they already use within your organization.

      In this article:

      Overview

      Once enabled, Single Sign On (SSO) allows your employees to automatically log in to Quantum Workplace using login credentials that they are already using at your organization.

      This means your employees won't need to remember a separate set of login credentials to access Quantum Workplace. 

      Learn about configuring and enabling SSO in Quantum Workplace.

      How SSO Works

      If an employee is already logged in to their Identity Provider, their Identity Provider will route them automatically into Quantum Workplace: 

      HubSpot Video

       

      If your employee is not already logged in to their Identity Provider, they will be prompted to log in with their Identity Provider in order to access Quantum Workplace: 

      HubSpot Video

       

      When your employees receive an email prompting them to do something in Quantum Workplace, clicking the call to action will either route them directly into Quantum Workplace (if they are already logged in with their Identity Provider) or will prompt them to log in to their Identity Provider in order to access Quantum Workplace. 

      About this survey reminder-1

       

      Your employees can also access Quantum Workplace through your Identity Provider's application portal: 

      HubSpot Video

      How to Enable SSO for Your Organization

      Begin by clicking and expanding the Administration menu in the left-hand navigation menu, then click Integrations. From the Integrations screen, click the Single SIgn-On card. 


      Step 1: Choose Your Identity Provider

      Select your Identity Provider by clicking and expanding the drop-down menu.

      Quantum Workplace's self-serve SSO option is available for the following Identity Providers: 

      If your Identity Provider is not listed above, the self-serve option is not available.

      However, you can select Other in the drop-down to initiate the SSO implementation by coordinating with Quantum Workplace's team. 

      If you select Other, Quantum Workplace requires the contact information for your organization's point-of-contact, your Identity Provider, and a URL for your organization's metadata. 

      Click Next Step to continue.

      Step 2: Send QW Your Metadata

      After selecting your Identity Provider, upload a file of your metadata by clicking Browse Files and selecting the metadata file. 

      Upload your file and click Next Step to continue. 

      Step 3: Name ID Configuration

      With your metadata in place, specify the unique identifier used when configuring SSO for your organization. The chosen identifier is used to verify that a user is active and authorized on the organization's side. 

      Click and expand the Name ID Configuration drop-down to select the identifier.

      EmployeeID is recommended as the value is consistent and typically doesn't change.

      Step 4: SSO Configuration Review

      In the final step, verify your SSO configuration. This includes confirming your Identity Provider and its unique identifier.

      Click Activate SSO.

       

      Mission Accomplished modal will appear when your SSO has been successfully established. If an error occurs, these will be listed and should be addressed by your IT team to make the necessary corrections. 

      How to Disable SSO for Your Organization

      You can disable and reactive your organization's SSO at any time. 

      Return to the Integrations menu under Administration in the left-hand navigation menu. Click the Single Sign-On card to view your organization's active SSO configuration. 

      Click Deactivate SSO. 

      Information for IT Professionals

      We support SAML v2.0 protocol, but we do not support the older v1 or v1.1 protocols.

      We DO NOT support “just in time” user provisioning through SSO. Quantum Workplace platform users are manually created in the platform by your Quantum Workplace platform administrator(s) unless other methods are agreed upon (e.g., HRIS integration, QW en masse, etc.)

      Definitions:

      Identity Provider (IdP) refers to a system that creates and manages identity information for principals while providing authentication services to relying on party applications within a federation or distributed network. An identity provider offers user authentication as a service. Common Identity Providers include Azure Active Directory (Azure AD), OneLogin, Ping Identity (PingFederate/ PingAccess), G Suite (Google), Okta, and ADFS. 

      Service Provider (SP) refers to Quantum Workplace.