Qualified’s enterprise SSO helps your team access Qualified through a single entry point and gives IT complete control.
In this article, we'll walk you through how to provision your Okta SSO users right from within Qualified.
Getting Started
As a prerequisite, you'll want to first make sure that you have configured SSO in Qualified and enabled with Okta.
The following provisioning features are supported within Qualified provisioning of SSO users:
- Push New Users: New users created through Okta will also be created in the third-party application.
When a user is provisioned, we'll move over their name, role, phone number, email, and timezone from Okta into Qualified automatically. Once this user is created initially, we will not push or update the information again outside of email and role information.
- Push Profile Updates: Updates made to the user's profile through Okta will be pushed to Qualified (email and role).
- Push User Deactivation: Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in Qualified.
For this application, deactivating a user means removing access to log in, but maintaining the user's Qualified information as an inactive user.
- Reactivate Users: User accounts can be reactivated in the application via Okta.
The following provisioning features are not supported:
- Import Users
- Import/Push Groups
- Sync password
- Profile sourcing
Configuration Instructions
Use the steps below to configure SSO provisioning within Qualified.
In Qualified:
- Log in to your Qualified account and navigate to Settings > Single Sign-On.
- Click on the “SCIM Enabled?” toggle to turn it on.
- Copy the “SCIM OAuth Bearer Token.”
In Okta
- Navigate to the Qualified application within your Okta Admin console.
- Go to the “Provisioning” tab and then click on “Integration.”
- Click the “Configure API integration” button.
4. Paste in the previously copied “SCIM OAuth Bearer Token” from Qualified into the “API Token” field and make sure the checkbox next to “Enable API integration” is checked.
5. Click on “Test API Credentials" and then click “Save.”
6. Click on the “To App” link on the left-hand side within the “Provisioning” tab.
7. Click the “Edit” button on the top right and then click the checkbox to enable “Create Users,” “Update User Attributes,” and “Deactivate Users.”
For each user, assign the appropriate Qualified Role in the Assignments tab.
Meetings Users
We recently added a new user role: Meetings, and you add this role in Okta by following the below instructions:
- Go to the Admin settings for the Qualified App within Okta and click on the "Provisioning" tab -> "Go to Profile Editor"
- Click the Pencil Icon for "Qualified Role" to open up an editing modal
- Click the "+ Add Another" button under the "Attribute members" section and add Meetings as a Display Name and meetings as the value. Note: the value must be labelled as meetings.
- Click Save Attribute
- Assign your reps to the new Meetings role
Troubleshooting Tips
- The only attributes that Qualified will update within Qualified when we receive a “Push Profile Update” are Email and Role.
- If you have any questions or difficulties, please reach out to the Qualified Technical Support team.