Skip to main content
SSO is free with every Full Service plan until 2027.
QA Wolf supports SSO via SAML 2.0 and OpenID Connect, which covers most enterprise identity providers, including Okta, Azure AD, Google, OneLogin, JumpCloud, Auth0, ADFS, and Shibboleth.

Set up SSO

The person configuring SSO must have the following permissions:

QA Wolf permissions

Identity provider permissions

The administrator must be able to:
  • Verify your organization domain, such as by adding a TXT record.
  • Create applications in the identity provider.
  • Configure SAML or OIDC authentication settings.
  • Assign users or groups to applications.

Information needed for setup

Depending on your identity provider, you may need:
  • Identity provider metadata URL
  • Issuer URL
  • X.509 signing certificate
  • ACS URL
  • Audience / Entity ID
  • Redirect or callback URL

Verify your email domain

You can only set up SSO for verified email domains. In other words, you need to prove you own the domain name. As the SSO Admin:
  1. Sign in to QA Wolf.
  2. Navigate to Workspace Settings → Organization.
  3. In the Domain Verification section, click Add domain.
Follow the instructions to add and verify as many domains as needed for your organization.

Open the SSO settings page

As the SSO Admin:
  1. Sign in to QA Wolf.
  2. Navigate to Workspace Settings → Organization.
  3. Click Set up SSO.
This page contains the configuration values required for your identity provider.

Create an application in your identity provider

In your identity provider:
  1. Create a new application for QA Wolf.
  2. Select SAML or OIDC authentication.
  3. Enter the configuration values provided in the QA Wolf SSO settings page.
Typical configuration fields include:
SettingDescription
ACS URLEndpoint that receives authentication responses
Audience / Entity IDIdentifier used to verify the QA Wolf application
Redirect / Callback URLURL users return to after authentication

Enter identity provider details in QA Wolf

After creating the application in your identity provider, return to the QA Wolf SSO settings page and enter the details provided by your identity provider. Typical configuration fields include:
SettingDescription
Issuer URLUnique identifier for your identity provider
Metadata URLURL where QA Wolf retrieves your identity provider’s configuration
X.509 CertificateCertificate used to verify tokens from your identity provider
Login URLEndpoint where QA Wolf sends authentication requests
After saving, assign users or groups to the QA Wolf application in your identity provider.

Test login

Before enabling access for your entire organization, test SSO with a single admin user.
1
Assign the admin user to the QA Wolf application in your identity provider.
2
Start a login attempt from the QA Wolf sign-in page.
3
Complete authentication in your identity provider.
4
Verify the user is redirected back to QA Wolf successfully.
Testing with one admin helps catch configuration issues before enabling access for additional users.

Account matching

When a user signs in with SSO, QA Wolf matches the user to an existing account using their email address. The email provided by your identity provider must exactly match the email associated with the user’s QA Wolf account. If the email addresses do not match, the user may not be able to access the workspace. Before enabling SSO broadly, confirm that user email addresses match between your identity provider and QA Wolf.

Sign in with SSO

1

Open the QA Wolf login page

Users open the QA Wolf login page.
2

Enter your email address and click Continue

Based on the domain name of the email they enter, users automatically begin the SSO flow for their identity provider.
3

Authenticate with the identity provider

Users authenticate using their organization’s identity provider.
4

Return to QA Wolf

After authentication, users are redirected back to QA Wolf.
Authentication is handled by the identity provider.

Troubleshooting

I do not see the SSO setup page

Confirm that:
  • You have been granted the SSO Admin role by a user with the Membership Manager role.
  • You signed out of QA Wolf and signed back in after your role was updated.

A user cannot sign in

Check that:
  • The user is assigned to the QA Wolf application.
  • The user is signing in with the correct email address.
  • The SSO configuration has been saved.

Authentication fails

Verify that the following values match between QA Wolf and your identity provider:
  • ACS URL
  • Audience / entity ID
  • Issuer
  • Login URL
  • Certificate

Users are not redirected back to QA Wolf

Ensure the redirect or callback URL configured in your identity provider matches the value shown in the QA Wolf SSO settings page.
Last modified on June 30, 2026