The following provisioning features are supported within Qualified provisioning of SSO users:
Push New Users: New users created through Azure will also be created in the third party application.
When a user is provisioned, we'll move over their name, role, phone number, email, and timezone from Okta into Qualified automatically. Once this user is created initially, we will not push or update the information again outside of email and role information.
Push Profile Updates: Updates made to the user's profile through Azure will be pushed to Qualified (email and role).
Push User Deactivation: Deactivating the user or disabling the user's access to the application through Azure will deactivate the user in Qualified.
For this application, deactivating a user means removing access to login, but maintaining the user's Qualified information as an inactive user.
Reactivate Users: User accounts can be reactivated in the application via Azure.
The following provisioning features that are not supported:
Before you begin with this setup you’ll first want to create two roles within Azure:
One called: "Qualified Rep" and the other
These roles are used for SCIM User Provisioning to set the correct role of the user within Qualified. Those assigned the “Qualified Rep” role will have rep permissions within Qualified and those assigned to the “Qualified Admin” role will be assigned admin privileges within Qualified.
Once those two roles are created proceed to the configuration steps below.
To get started you’ll want to login to your Qualified account and navigate to Settings > Single sign-on within Qualified.
Click on the “SCIM Enabled?” toggle to turn it on and reveal the API URL and Bearer Token.
Back in Azure
In the Provisioning section of the Qualified app you setup within Azure AD, set the Admin Credentials by pasting in the URL and Secret Token (Bearer Token) from the Qualified Single Sign-on Settings and then click Test Connection.
Next you need to set up mappings for AD Users. The following mappings need to be created:
We do not support Groups at this time so please disable those mappings and also please note the bottom expression needs to test the value of your Admin role.
5. Make sure that both the AD Attribute and "customappsso Attribute" match exactly what is in the screenshot above.
6. Once you are done, you are able to start the provision process.
The only attributes that Qualified will update within Qualified when we receive a “Push Profile Update” is Email and Role.
If you have any questions or difficulties, please reach out to Qualified Technical Support at firstname.lastname@example.org
Request a live demo
See Qualified in action on your website. Request a live demo and one of our reps will contact you immediately, or talk to us right now.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Free custom demo
Live on your site
The definitive podcast for B2B CMOs and Demand Gen Leaders