Provisioning Qualified Users in Okta

Qualified’s enterprise SSO helps your team access Qualified through a single entry point and gives IT complete control.

In this article, we'll walk you through how to provision your Okta SSO users right from within Qualified.

Getting Started

As a prerequisite, you'll want to first make sure that you have configured SSO in Qualified and enabled with Okta.

The following provisioning features are supported within Qualified provisioning of SSO users:

Push New Users: New users created through Okta will also be created in the third-party application.

When a user is provisioned, we'll move over their name, role, phone number, email, and timezone from Okta into Qualified automatically. Once this user is created initially, we will not push or update the information again outside of email and role information.

Push Profile Updates: Updates made to the user's profile through Okta will be pushed to Qualified (email and role).
Push User Deactivation: Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in Qualified.

For this application, deactivating a user means removing access to log in, but maintaining the user's Qualified information as an inactive user.

Reactivate Users: User accounts can be reactivated in the application via Okta.

The following provisioning features are not supported:

Import Users
Import/Push Groups
Sync password
Profile sourcing

Configuration Instructions

Use the steps below to configure SSO provisioning within Qualified.

In Qualified:

Log in to your Qualified account and navigate to Settings > Single Sign-On.
Click on the “SCIM Enabled?” toggle to turn it on.
Copy the “SCIM OAuth Bearer Token.”

SCIM Enabled toggle shown within the Qualified application

In Okta

Navigate to the Qualified application within your Okta Admin console.
Go to the “Provisioning” tab and then click on “Integration.”
Click the “Configure API integration” button.

ConfiguringClicking the "Configure API Integration" button within your Okta account.

4. Paste in the previously copied “SCIM OAuth Bearer Token” from Qualified into the “API Token” field and make sure the checkbox next to “Enable API integration” is checked.

Enter in your token copied within Qualified in the earlier step.

5. Click on “Test API Credentials" and then click “Save.”
6. Click on the “To App” link on the left-hand side within the “Provisioning” tab.
7. Click the “Edit” button on the top right and then click the checkbox to enable “Create Users,” “Update User Attributes,” and “Deactivate Users.”

Enable all options shown above for creating, updating, and deactivating users within Qualified.

For each user, assign the appropriate Qualified Role in the Assignments tab.

Meetings Users

We recently added a new user role: Meetings, and you add this role in Okta by following the below instructions:

Go to the Admin settings for the Qualified App within Okta and click on the "Provisioning" tab -> "Go to Profile Editor"
Click the Pencil Icon for "Qualified Role" to open up an editing modal
Click the "+ Add Another" button under the "Attribute members" section and add Meetings as a Display Name and meetings as the value. Note: the value must be labelled as meetings.
Click Save Attribute
Assign your reps to the new Meetings role

Troubleshooting Tips

The only attributes that Qualified will update within Qualified when we receive a “Push Profile Update” are Email and Role.
If you have any questions or difficulties, please reach out to the Qualified Technical Support team.