Provisioning Qualified Users in Azure AD

Qualified’s Enterprise SSO helps your team access Qualified through a single entry point and gives IT complete control.

In this guide we'll walk you through how to provision your Azure AD SSO users right from within the Qualified application.

Getting Started

As a prerequisite you'll want to first make sure that you have configured SSO in Qualified and enabled with Azure AD

The following provisioning features are supported within Qualified provisioning of SSO users:

  • Push New Users: New users created through Azure will also be created in the third party application.
When a user is provisioned, we'll move over their name, role, phone number, email, and timezone from Okta into Qualified automatically. Once this user is created initially, we will not push or update the information again outside of email and role information.
  • Push Profile Updates: Updates made to the user's profile through Azure will be pushed to Qualified (email and role).
  • Push User Deactivation: Deactivating the user or disabling the user's access to the application through Azure will deactivate the user in Qualified.
For this application, deactivating a user means removing access to login, but maintaining the user's Qualified information as an inactive user.
  • Reactivate Users: User accounts can be reactivated in the application via Azure.

The following provisioning features that are not supported:

  • Import Users
  • Import/Push Groups
  • Sync password
  • Profile sourcing

In Azure

Before you begin with this setup you’ll first want to create two roles within Azure:

  • One called: "Qualified Rep" and the other 
  • "Qualified Admin"

These roles are used for SCIM User Provisioning to set the correct role of the user within Qualified. Those assigned the  “Qualified Rep” role will have rep permissions within Qualified and those assigned to the “Qualified Admin” role will be assigned admin privileges within Qualified.

Once those two roles are created proceed to the configuration steps below.

In Qualified

  1. To get started you’ll want to login to your Qualified account and navigate to Settings > Single sign-on within Qualified. 
  2. Click on the “SCIM Enabled?” toggle to turn it on and reveal the API URL and Bearer Token.
Enablign SCIM for SSO
Enabling SCIM within Qualified SSO settings.

Back in Azure

  1. In the Provisioning section of the Qualified app you setup within Azure AD, set the Admin Credentials by pasting in the URL and Secret Token (Bearer Token) from the Qualified Single Sign-on Settings and then click Test Connection.
  1. Next you need to set up mappings for AD Users.   The following mappings need to be created:
Azure AD SSO mappings
Azure AD mappings.
We do not support Groups at this time so please disable those mappings and also please note the bottom expression needs to test the value of your Admin role.

5. Make sure that both the AD Attribute and "customappsso Attribute" match exactly what is in the screenshot above.

6. Once you are done, you are able to start the provision process.

Troubleshooting Tips

  • The only attributes that Qualified will update within Qualified when we receive a “Push Profile Update” is Email and Role.
  • If you have any questions or difficulties, please reach out to Qualified Technical Support at help@qualified.com

Request a live demo

See Qualified in action on your website. Request a live demo and one of our reps will contact you immediately, or talk to us right now.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Free custom demo
Live on your site