Note: Single Sign-On is included in the Enterprise subscription plan, or as an add-on to the Professional Plan. Contact sales@quartzy.com if interested!
Enterprise Single Sign-On (SSO) enables you to control Quartzy access from your Identity Provider (IdP), which increases the security of your data and saves your users from needing yet another password.
The following IdPs are currently supported:
- Okta
- Microsoft Entra ID (formerly Microsoft Azure AD)
- Microsoft ADFS (Active Directory Federation Services)
- Custom SAML (e.g. Shibboleth)
- Custom OIDC (OpenID Connect)
- Google Workspace
- Active Directory / LDAP
- PingIdentity / PingFederate
Getting started: IdP Configuration
You will need to begin by configuring a Quartzy app in your IdP. Here’s the information you might need from Quartzy:
- Callback URLs
  - Redirect URI: https://auth0.quartzy.com/login/callback
  - Logout URI: https://app.quartzy.com/logout
  - Login URI: https://app.quartzy.com
- SP Metadata File
  - Let us know if you need an SP Metadata File, and your Implementation Manager will provide one.
Quartzy Configuration
Next, collect the information below from your IdP, and send it to Quartzy. You can send this via email or Zoom chat, which are encrypted. If you require higher security, we recommend using onetimesecret.com.
If you are using Okta, Azure AD, or Google Workspace, Quartzy will need to receive the following information:
- Domain
- Client ID
- Client Secret
- All email domains that have been approved for SSO at your organization
If you are using SAML (incl. Shibboleth, Ping Federate), Quartzy will need to receive the following information:
- Domain / Sign In URL
- Sign Out URL (Optional)
- X509 Certificate
- Signing Requirements (Optional)
- All email domains that have been approved for SSO at your organization
For any IdP not listed here, as well as custom integrations, your Implementation Manager will walk you through the configuration.
Test Phase
After the configuration steps are completed, you can test the connection in the following ways:
- Provision a test user in your IdP that Quartzy can use for validation.
- Quartzy can provide you with a test URL, and you can log in as yourself or as your own test user. This test URL will redirect to https://jwt.io/
Go-Live
Once your SSO integration is enabled, all existing users will be logged out of Quartzy. Their former username and password combo will no longer be recognized. Going forward, if the domain of their email address matches the list of approved domains that you provided Quartzy, they’ll be automatically redirected to your IdP for authentication, and then automatically redirected to their Quartzy account. You can also add the Quartzy app to your IdP dashboard, and users can click that app tile to log in.
Existing Quartzy users: If there are existing users in your organization's Quartzy account with an email address that does not match your HRD (Home Realm Discovery) domain, those users will be prompted to provide an email address with an approved domain in order to retain access to their Quartzy account.
New Quartzy users: New users can automatically join your Quartzy Organization via Enterprise SSO. Once they've joined, Lab Managers can create a Quartzy lab for each lab that they manage. Other lab users should request an invitation to their Quartzy lab from their Lab Manager or Admin. Here's how: How to join an existing Organization or Lab on Quartzy
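Before go-live, the domain rule described above can be run against an export of existing user emails to see who will be redirected to the IdP and who will be prompted for an approved address. The script below is an added example, not Quartzy code; it assumes exact, case-insensitive domain matching, and every domain and address in it is constructed.

```python
# Added example: pre-go-live audit of existing user emails against the
# approved SSO domain list. Exact, case-insensitive domain matching is an
# ASSUMPTION; confirm with Quartzy how subdomains are treated.

def email_domain(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    address = address.strip()
    local, sep, domain = address.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or not local or "." not in domain or " " in address:
        return None
    return domain


def audit_users(emails, approved_domains):
    """Split emails into SSO-routed, needs-new-address, and malformed."""
    approved = {d.strip().lstrip("@").rstrip(".").lower() for d in approved_domains}
    report = {"sso": [], "needs_approved_email": [], "malformed": []}
    for raw in emails:
        domain = email_domain(raw)
        if domain is None:
            report["malformed"].append(raw)
        elif domain in approved:
            report["sso"].append(raw.strip())
        else:
            # Includes subdomains and lookalikes of an approved domain.
            report["needs_approved_email"].append(raw.strip())
    return report


# Constructed sample data (hypothetical domains and users).
APPROVED = ["example.edu", "Lab.Example.org"]
USERS = [
    "pi@example.edu",
    "Tech@EXAMPLE.EDU ",
    "postdoc@lab.example.org",
    "student@alumni.example.edu",      # subdomain: not an exact match
    "vendor@example.edu.example.net",  # approved name only as a prefix
    "collaborator@gmail.com",
    "not-an-email",
]

if __name__ == "__main__":
    for bucket, members in audit_users(USERS, APPROVED).items():
        print(f"{bucket}: {members}")
```

Addresses in the `needs_approved_email` bucket are the ones to resolve before enabling SSO, either by adding a domain to the approved list or by asking the user to switch to an approved address.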