Okta

If you want to setup SSO along with SCIM (user provisioning), jump to this section.

SSO (SAML) Setup:

To set up your Qase account with SSO/SAML and Okta, you'll need to take the following steps:

1. Login to your Okta Admin dashboar

2. Go to Applications and click on "Browse App Catalog"

3. Search for "Qase"

4. Click on "Add Integration

5. Check on the option for "Do not display application icon to users" and click "Done"

6. Once activated, go to the "Sign On" tab, and on the lower left, click "View SAML setup instructions".

7. This will take you to another page where you will find your SAML Sign-In URL, Identity Provider Issuer, and your Key x509 Certificate and further instructions on how to add these to Qase.

8. Google setup is complete. Now you need to go to the Qase security page and link your account with Google's credentials. Click on the "Enable SSO/SAML" toggle button and fill the form

  • Map the following parameters as shown in the screenshot above.

  • SAML Sign-in URL

  • Identity Provider Issuer

  • Key x509 Certificate

  • Domains*: provide a list of domains separated by a comma, that will be used for SSO. Public domains like Gmail, Hotmail, etc. are not allowed. *This step is mandatory.

    Any domains that are added will need to be verified. To do so, you will need to add a TXT record to the domain's DNS records

9. If you want new users who join your team to become a read-only by default, check "Automatically add new users as read-only members" checkbox.

After the form is filled, click on the "Save" button.

Setup is complete. Now you can logout from the app and log in through the SSO login form.

Setting up SCIM for User Provisioning and De-provisioning

With SCIM, the IdP will automatically create, update and delete users on Qase when you modify them on the IdP.

The Qase app on the Okta appstore doesn't support the SCIM features, so we'll need to set up a custom app if you need the SCIM feature.

From the Admin console, choose 'Applications' and then, click 'Create App Integration'

Choose 'SAML 2.0'

On the next page, provide a name for this app and continue to Step 2.

Fill out the following details:

  1. Single sign-on URL: https://app.qase.io/sso/login (we can use this value for the receipient and destination URL)

  2. Audience URI (SP Entity ID): https://app.qase.io/saml/metadata

  3. NameID format: persistent

  4. Application username: Okta username

Once the app is created, you'll need to go to the General tab and check the SCIM option.

When you enable the SCIM option, you'll see a new tab that says - 'Provisioning'. Here, you'll need to enter the following info:

  1. SCIM connector base URL: https://app.qase.io/scim/v2/

  2. Unique identifier field for users: email

  3. Check the first three options (Currently, Qase SCIM API doesn't support Groups provisioning)

  4. Select Authentication mode as HTTP Header

  5. In this field, enter the SCIM token generated from: https://app.qase.io/workspace/scim

You can test the connector configuration to check if everything is right.

Once the connection is tested to be working successfully, enable the following options from the 'To app' section –

  1. Create Users

  2. Update User Attributes

  3. Deactivate Users

That's it, you've successfully configured SCIM for Qase with Okta. You can set up the SSO on this app, from the Sign-on tab.

For the data that you'll need to set up on Qase, follow this link and the instructions on the landing page.

IdP initiated login is not supported.

Users will have to sign-in from this Qase's SSO Login page: https://app.qase.io/sso/login

Last updated