SSO Configuration for Okta Customers

Quartzy allows users to login via Okta as Single Sign-On (SSO) using Express Configuration. This document details how to configure SSO for your organization.

Prerequisites

In order to proceed with configuring login with SSO through Okta, you must:

  • Have access to an Okta tenant
  • Be an Okta administrator to that tenant
  • Have an active user in Quartzy

Supported Features

Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Quartzy.

Just-In-Time (JIT) Provisioning - Users are automatically created on their first login. Email and name attributes are provisioned.

Universal Logout - When enabled, Okta can terminate user sessions and tokens when risk is detected or when an admin initiates logout.

Configuration Steps

Step 1: Request Admin Account

Send an email to support@quartzy.com with the email address you want to use for the Express Configuration admin account.

Step 2: Receive Credentials from Quartzy

Quartzy support will create an admin account and reply with a temporary password and organization name.

Step 3: Add Quartzy Application in Okta

  1. In Okta, go to Applications → Browse App Catalog
  2. Search for Quartzy and click Add Integration
  3. Click Done

Step 4: Express Configure SSO

  1. On the newly created Quartzy application, click the Sign On tab
  2. Click Express Configure & Universal UL
  3. Enter the organization name provided by Quartzy
  4. When prompted for credentials, enter the admin email and temporary password provided by Quartzy
  5. On the next screen, approve the connection with Quartzy to complete the setup

Step 5: Enable Universal Logout

  1. On the Sign On tab of the Quartzy application
  2. Check the box for "Okta system or admin initiates logout"

Step 6: Notify Quartzy

Send an email to support@quartzy.com to confirm that you have completed the Express Configuration setup.

Quartzy support will then:

  • Enable home realm discovery for your domain
  • Enable application access so your users can log in

Wait for confirmation from Quartzy before proceeding to the next step.

Step 7: Assign Users and Test

Once Quartzy has confirmed the setup is complete:

  1. Assign the admin account to the Quartzy application in Okta
  2. Assign any other users or groups that should have access to Quartzy
  3. Test the login flow by navigating to app.quartzy.com/login and logging in with the admin account
  4. You should be automatically redirected to your Okta SSO login

Step 8: Confirm Completion

After successfully testing the login flow, send a final email to support@quartzy.com to confirm everything is working.

Quartzy will then remove the temporary admin account as it is no longer needed.

SP-Initiated SSO (Logging Into Quartzy Using Okta)

The sign-in process is initiated from Quartzy.

  1. From your browser, navigate to app.quartzy.com/login
  2. Enter your employee email address
  3. You will be automatically prompted to authenticate with Okta
  4. Enter your Okta credentials (email and password) and sign in

If your credentials are valid, you are redirected to Quartzy.

Universal Logout

When Universal Logout is enabled, Okta can terminate user sessions across all applications when:

  • An administrator initiates a logout from the Okta Admin Console
  • The Okta system detects risk and terminates sessions for security

This ensures that when a user is logged out of Okta, they are also logged out of Quartzy.

Just-In-Time (JIT) Provisioning

With JIT provisioning enabled, users are automatically created in Quartzy when they first sign in via Okta.

How it works:

  • When a user authenticates via Okta for the first time, a new user account is automatically created with the email and name from Okta
  • The user is granted access to Quartzy immediately
  • The user will not automatically be a member of any Labs in Quartzy unless they have an invite. New users can choose to create a new lab, or get an invite to an existing lab.

Attributes Provisioned:

  • Email address
  • Full name

Info

Role assignment is managed separately within Quartzy and is not currently mapped from Okta attributes.

Notes

  • Once Okta is configured, Quartzy only allows SSO-based login and does not support password-based login
  • Please ensure that all users who need access to Quartzy can authenticate using Okta

Troubleshooting

If you encounter any issues during configuration or login, please contact Quartzy support at support@quartzy.com

Harry Wornick -
Have more questions? Submit a request

Comments