Qualio is not an Identity Provider. Qualio supports Single Sign-On [hereafter known as SSO] as the client delivering a solution that allows you to automatically log in and create users who are authorized by Identity Provider Service. So in order to use SSO in Qualio, you must already have an ID service, in this case, OKTA!

The SSO function is not turned on by default. To enable it, please contact Qualio support for information on how to enable it. The required element is information about the email domain of qualio users [99% of the time, this is the bit after the @ sign - for us its Qualio.com]. When the service is enabled, a special configuration panel will be made available where you can establish a connection with your identity provider.

Configuration

1. Open SSO configuration page

- click on

then select Organization Settings, after loading the setting page, click on SSO/SAML.

- or hit URL https://app.qualio.com/manage/idp when you are logged in to Qualio.

The initial configuration panel should look like this:

Note: this page will be accessible only for Quality users when the SSO feature is turned on for you.

2. Add a new configuration for SSO/SAML integration

Click on Configure SSO/SAML Configuration. The following panel should appear:

3. Get your local OKTA Administrator to create the application integration. You want to add an application, like in the screenshot below.

It needs to be a SAML2 sign-on method.

4. Configure Integration in the Qualio admin panel

During a configuration new application (SAML 2.0), OKTA will deliver data that needs to put on the client-side (Qualio). They should be named in a similar way. Integrating with Qualio requires passing 3 values:

- Entity Id - Sign into the Okta Admin Dashboard to generate this variable.

Once you have it, this value needs to be copied to this field in the administration panel:

- SSO url (Login URL/SignOn URL: Sign into the Okta Admin Dashboard to generate this.)

This value needs to be copied to this field in the administration panel:

- X.509 certificate (Ensure it is a saved file in PEM Text Format - : Sign into the Okta Admin Dashboard to get it)

Download the file (Again, it will have the extension *.pem) then upload using the following form:

After filling those, click Save!

5. Configure Integration in the Identity Provider admin panel

- during a configuration new application (SAML 2.0), OKTA will require data from the client (Qualio). Use the following fields to achieve that:

Note: Not all of these fields shall be used during a configuration, it depends on Identity Provider. In the best scenario, passing the metadata URL should be enough.

Note: You can easily copy (or download as a file) those values clicking on the buttons on the right.

6. Configure Attribute Mapping in the Identity Provider admin panel

- the last part is setting up attribute mapping. This step is important because it allows synchronizing data from Identity Provider to Qualio. Minimal configuration requires setting up a firstName and lastName attribute. Here is an example from GSuite:

Post Setup Work:

  • Once the configuration is complete, you can test the SSO login operation. The first option to use the SSO application panel. You must log in as any user from your organization. So go to https://app.qualio.com/login, click on the button for Sign In with SSO/SAML, enter an email from someone in your company who should have access and sign in.
  • If an error pops up when you try to log in, you may have a configuration error. If you are unable to fix the configuration using the information provided in the error, please contact Qualio support.

Notes

  • If the user is logging in for the first time using SSO, a new account will be created (if the user was not invited earlier). In this situation, the user’s role will be basic user.
  • Each account in Qualio still will require having its own password for a digital signature [or for when that user completes training, for example]. This password will allow users to log in to the application as well (without using IDP). To enforce users log in only with SSO, select that checkbox in the Qualio SSO configuration screen, Please verify if SSO works before selecting this option - In the worst scenario - please contact Qualio Support.

Did this answer your question?