Single Sign-On (SSO) - Implementation Overview

Note: Single Sign-On is included in the Enterprise subscription plan, or as an add-on to the Professional Plan. Contact sales@quartzy.com if interested! 

 

Enterprise Single Sign-On (SSO) enables you to control Quartzy access from your Identity Provider (IdP), which increases the security of your data and saves your users from needing yet another password. 

The following IdPs are currently supported: Okta, Microsoft Entra (formerly Azure), ADFS, Custom SAML (e.g. Shibboleth), Custom OIDC, Google Workspace, Active Directory / LDAP, and PingIdentity/PingFederate.


Getting started: IdP Configuration

You will need to begin by configuring a Quartzy app in your IdP. Here’s the information you might need from Quartzy:

Quartzy Configuration

Next, collect the information below from your IdP, and send it to Quartzy. You can send this via email or Zoom chat, which are encrypted. If you require higher security, we recommend using onetimesecret.com.

If you are using Okta, Azure AD, or Google Workspace, Quartzy will need to receive the following information:  

  • Domain
  • Client ID
  • Client Secret
  • All email domains that have been approved for SSO at your organization 

If you are using SAML (incl. Shibboleth, Ping Federate), Quartzy will need to receive the following information: 

  • Domain / Sign In URL
  • Sign Out URL (Optional)
  • X509 Certificate
  • Signing Requirements (Optional)
  • All email domains that have been approved for SSO at your organization 

For any IdP not listed here, as well as custom integrations, your Implementation Manager will walk you through the configuration. 

 

Test Phase 

After the configuration steps are completed, you can test the connection in the following ways:

  • Provision a test user in your IdP that Quartzy can use for validation. 
  • Quartzy can provide you with a test URL, and you can log in as yourself or your own test user. This test URL will redirect to https://jwt.io/.

Go-Live

Once your SSO integration is enabled, all existing users will be logged out of Quartzy. Their former username and password combo will no longer be recognized. Going forward, if the domain of their email address matches the list of approved domains that you provided Quartzy, they’ll be automatically redirected to your IdP for authentication, and then automatically redirected to their Quartzy account. You can also add the Quartzy app to your IdP dashboard, and users can click that app tile to log in. 


Existing Quartzy users: If there are existing users in your organization's Quartzy account with an email address that does not match your HRD domain, those users will be prompted to provide an email address with an approved domain in order to retain access to their Quartzy account. 
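
As an added example (not Quartzy's code), a pre-go-live audit that sorts an export of existing user emails by how the approved-domain list described above would treat them. It assumes exact domain matching, which this page does not specify, so subdomains are reported separately; the function names and sample addresses are constructed.

```python
from collections import defaultdict

def normalize_domain(value: str) -> str:
    """Lower-case, strip whitespace, a leading '@' and a trailing dot."""
    return value.strip().lower().lstrip("@").rstrip(".")

def email_domain(address: str):
    """Return the normalized domain of an address, or None if it is malformed."""
    address = address.strip()
    local, sep, domain = address.rpartition("@")
    domain = normalize_domain(domain)
    if not sep or not local or "@" in local or " " in address or "." not in domain:
        return None
    return domain

def audit_users(emails, approved_domains):
    """Group existing user emails by how the approved-domain list treats them."""
    approved = {normalize_domain(d) for d in approved_domains if d.strip()}
    report = defaultdict(list)
    for address in emails:
        domain = email_domain(address)
        if domain is None:
            report["malformed"].append(address)
        elif domain in approved:
            report["redirected_to_idp"].append(address)
        elif any(domain.endswith("." + d) for d in approved):
            # Assumption: matching is exact, so a subdomain must be listed itself.
            report["subdomain_not_listed"].append(address)
        else:
            report["prompted_for_new_email"].append(address)
    return dict(report)

# Constructed sample data (not real accounts).
APPROVED = ["example.edu", "Labs.Example.org "]
USERS = [
    "pi@example.edu",
    "Tech@LABS.example.org",
    "student@mail.example.edu",
    "postdoc@gmail.com",
    "not-an-email",
]

if __name__ == "__main__":
    for bucket, members in audit_users(USERS, APPROVED).items():
        print(f"{bucket}: {', '.join(members)}")
```

Addresses in the subdomain_not_listed bucket are the ones to review before sending the final domain list, since whether they should be added is an organizational decision.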

New Quartzy users: New users can automatically join your Quartzy Organization via Enterprise SSO. Once they've joined, Lab Managers can create a Quartzy lab for each lab that they manage. Other lab users should request an invitation to their Quartzy lab from their Lab Manager or Admin. Here's how: How to join an existing Organization or Lab on Quartzy

 

Next Up: Learn more about how to log in via SSO
