Follow the below instructions to configure SSO for your Quoter account using Okta as the SAML identity provider.
Prerequisites
You must be subscribed to our Pro or Enterprise plans
You must be an Account Owner to configure SSO for your Quoter account.
Ensure your users are provisioned in the identity provider (Okta), with exactly the same email address as their Quoter account. We don’t create user accounts under SSO.
Before turning this feature on, log in to your Quoter account twice - once in a regular browser and once in an incognito/private window to ensure that you are still logged in to your account if you get locked out in the other window. Alternatively, you can also log in using two separate browsers.
Configuring Okta
1. In Okta, head to the Applications screen and then click Add Application.
2. Click the Create New App button.
3. In the modal, select SAML 2.0 and click Create.
4. Under General Settings, give the application a name and then click Next.
5. In the Configure SAML settings, fill in the following:
Single sign on URL: subdomain.quoter.com/users/login_saml (with your Quoter subdomain where it says subdomain).
Audience URI (SP Entity ID): subdomain.quoter.com (with your Quoter subdomain where it says subdomain).
Name ID Format: Email Address
Application Username: Email
6. Click the Show Advanced Settings link to configure advanced SAML assertion settings.
7. Configure the Signature Algorithm (RSA-SHA1) and SAML Issuer ID (https://www.okta.com/$[org.externalKey])
8. Click Next.
9. Under Feedback, select “I’m an Okta customer adding an internal app”, check “This is an internal app that we have created”, and then click Finish.
10. On the next screen, click View Setup Instructions.
11. Leave this window open as you configure Quoter.
Configuring Quoter
After setting up Okta, you need to configure your Quoter account to authenticate using SAML. You will need a few pieces of information from Okta to complete this step.
It's highly recommended that before you begin the below set of instructions, log in to your Quoter account twice - once in a regular browser and once in an incognito/private window.
Alternatively, you can also log in to two separate browsers to ensure that you are still logged in to your account in case you are locked out in the other window.
1. Log in to Quoter and click Account from the top navigation bar.
2. Click Authentication and then turn the Enable SAML SSO toggle switch to ON. Once this is turned on, a form will appear. You will need to collect information from Okta and enter it into this form.
Copy the Okta Identity Provider Issuer and paste it into the Quoter Issuer (Entity ID) field.
Copy the Okta Identity Provider Single Sign-On URL and paste it in the Quoter SAML Login URL field.
Copy the Okta Identity Provider Single Sign-On URL and paste it in the Quoter SAML Logout URL field.
Copy the certificate and paste it into the Quoter Certificate field. Important: Ensure that there are no extra spaces trailing at the end of the Certificate string (i.e. after -----END CERTIFICATE-----).
3. Click Save to complete the setup of your account only when all information has been entered. If you turn on SSO before the information is entered, it will break the login experience for all users on your account.
Once you make this change, you can test your access.
Testing SSO authentication
Before you configured SSO, you should have opened Quoter in two separate browsers. If you get locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.
To make sure SSO is working, perform these steps:
Log out of and close any Okta browser sessions you have open.
In a new browser session, navigate to your Quoter account subdomain (subdomain.quoter.com) directly. This should redirect you to the identity provider.
Enter your SSO credentials.
After entering your credentials, you should be redirected and logged in to Quoter.