Provisioning Qualified Users in OneLogin

Qualified’s Enterprise SSO helps your team access Qualified through a single entry point and gives IT complete control to add, edit, activate, and deactivate users.

In this guide we'll walk you through how to provision Qualified users from within your OneLogin application.

Getting Started

As a prerequisite, ensure that you have configured SSO in Qualified and enabled with OneLogin.

The following provisioning features are supported within Qualified provisioning of SSO users:

  • Push New Users: New users created through OneLogin will also be created in Qualified.
When a user is provisioned, we'll move over their name, phone number, email, timezone, and their profile pic from OneLogin into Qualified automatically. Once this user is created initially, only email and role information can be updated from OneLogin.
  • Push User Deactivation: Deactivating the user or disabling the user's access to Qualified through OneLogin will deactivate the user in Qualified.
For this application, deactivating a user means removing access to login, but maintaining the user's Qualified information as an inactive user.
  • Reactivate Users: User accounts can be reactivated in Qualified via OneLogin.

The following provisioning features that are not supported:

  • Import Users
  • Import/Push Groups
  • Sync password
  • Profile sourcing

Configuration Instructions

Use the steps below to configure SSO provisioning within Qualified. 

In Qualified

  1. Login to your Qualified account as an admin and navigate to Settings > Single sign-on 
  2. Click on the “SCIM Enabled?” toggle to turn it on as shown below
Enabling SCIM within Qualified.
  1. Copy the “SCIM OAuth Bearer Token” that is given after this option is enabled

In OneLogin

  1. Navigate to Users -> Roles within your OneLogin Admin console and create 2 new roles called: “Qualified Admin” and “Qualified Rep”.
  2. Navigate to the Qualified application within your OneLogin Admin console
  3. Go to the Configuration tab and paste your SCIM Oauth Bearer Token in SCIM Bearer Token field in OneLogin.
  4. Paste in the previously copied “SCIM OAuth Bearer Token” from Qualified into the “SCIM Bearer Token” field and click on the “Enable” button as shown below:
Pasting the SCIM bearer token within OneLogin from Qualified
  1. Next, navigate to the Access tab and enable the two new Roles you created for the application.
  2. Go to the Rules tab and create a rule called “Qualified Admin” using the following settings shown below:
Creating a new mapping within OneLogin.
  1. Next, navigate to the Provisioning tab and check the box next to “Enable provisioning” and set “When users are deleted in OneLogin, or the user's app access is removed, perform the below action” to “Suspend” as shown below:
Creating a new workflow within OneLogin.
  1. Optional: Go to the Parameters tab and map the optional Timezone field to whichever custom field you have created to store your Users’ timezones.
  2. Click the “Save” button in the top right corner.

Troubleshooting Tips

  • The only attributes that we will update within Qualified when we receive a “Push Profile Update” is Email and Role.
  • If you have any questions or difficulties, please reach out to your Qualified Success Architect or our technical support team.

Next Steps

Request a live demo

See Qualified in action on your website. Request a live demo and one of our reps will contact you immediately, or talk to us right now.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Free custom demo
Live on your site