Single Sign-On (SSO)
Single Sign-On (SSO) is only available in the Enterprise plan. More information can be found at our Pricing page.
Overview
SSO (Single Sign-On) allows you to login to different apps and websites with a single set of credentials. This saves you time to enter your password every time logging in to Quire, which prevents password frustration caused by trying to remember your password. SSO also increases security since it helps reduce the number of user logins to once each day and with one set of credentials and therefore prevent attacks opportunities from hackers.
When your company uses an IdP (identity provider) such as Okta or OneLogin, you can connect your Quire with the IdP for single sign-on. Once the single sign-on is set up for your Quire organization, the organization members will no longer need a password to log into their Quire accounts.
Configure your IdP (identity provider)
The first step is to set up a connection for Quire with your identity provider first. We work with some of the main providers: Okta or OneLogin, but you can also choose to use your own provider that supports SAML 2.0.
If you choose to connect Quire with other IdPs, you will need to create an application and enter the below information to configure SAML.
| SAML Attribute | Map to your identity provider |
|---|---|
https://quire.io/sso/login |
SAML Assertion Consumer Service (ACS) URL for the application |
https://quire.io/sso/metadata |
SP Entity ID of the application |
| Member’s email address | Name ID format |
After the app is created, copy the Identity Provider URL, Entity ID and the Base64 X.509 certificate to use in the next step.
Lastly, remember to add and assign the members in the IdP to the newly created Quire application.
Configure Quire
The second step for setting up SSO in Quire is to enable it for your organization. Click on the dropdown menu icon next to your organization name then select Options.
Navigate to the Security tab and enable the SAML authentication.
You can set the SSO to be required for all members of the organization or set it as Optional, which will allow the members to sign in with passwords for their Quire accounts or identity provider.
Note: If you are the admin of the organization, you will always need to sign in Quire with your password.
Fill in the Identity Provider URL and Entity ID into the corresponding fields and paste the Base64 X.509 certificate copied from your identity provider into the corresponding field.
Test the SSO before saving it. If there is no problem, then you can click Save.
Once the SSO is set up properly for the organization, the organization members will no longer need a password to log into their Quire accounts.
Troubleshooting SSO error
Signing in after member changes email address
If the organization member changes his Quire’s account email address, they will not be able to sign into Quire using the newly changed email address until it has been updated to the identity provider.
In this case, the organization admin must update the newly changed email address in the identity provider.
Read more on our blog about Single sign-on with Quire.