Set up SSO
The person configuring SSO must have the following permissions:QA Wolf permissions
- Workspace admin access.
Identity provider permissions
The administrator must be able to:- Create applications in the identity provider.
- Configure SAML or OIDC authentication settings.
- Assign users or groups to applications.
Information needed for setup
Depending on your identity provider, you may need:- Identity provider metadata URL
- Issuer URL
- X.509 signing certificate
- ACS URL
- Audience / Entity ID
- Redirect or callback URL
Verify your email domain
You can only set up SSO for verified email domains. In other words, you need to prove you own the domain name. After QA Wolf enables SSO configuration access:- Sign in to QA Wolf.
- Navigate to Workspace Settings → Organization.
- In the Domain Verification section, click Add domain.
Open the SSO settings page
After QA Wolf enables SSO configuration access:- Sign in to QA Wolf.
- Navigate to Workspace Settings → Organization.
- Click Set up SSO.
Create an application in your identity provider
In your identity provider:- Create a new application for QA Wolf.
- Select SAML or OIDC authentication.
- Enter the configuration values provided in the QA Wolf SSO settings page.
| Setting | Description |
|---|---|
| ACS URL | Endpoint that receives authentication responses |
| Audience / Entity ID | Identifier used to verify the QA Wolf application |
| Redirect / Callback URL | URL users return to after authentication |
Enter identity provider details in QA Wolf
After creating the application in your identity provider, return to QA Wolf and enter the required identity provider configuration details. Then assign users or groups to the QA Wolf application in your identity provider.Test login
Before enabling access for your entire organization, test SSO with a single admin user.
Testing with one admin helps catch configuration issues before enabling access for additional users.
Account matching
When a user signs in with SSO, QA Wolf matches the user to an existing account using their email address. The email provided by your identity provider must exactly match the email associated with the user’s QA Wolf account. If the email addresses do not match, the user may not be able to access the workspace. Before enabling SSO broadly, confirm that user email addresses match between your identity provider and QA Wolf.Sign in with SSO
Enter your email address and click Continue
Based on the domain name of the email they enter, users automatically begin the SSO flow for their identity provider.
Authenticate with the identity provider
Users authenticate using their organization’s identity provider.
Troubleshooting
I do not see the SSO setup page
QA Wolf may not have enabled the SSO configuration view for your admin user. Contact QA Wolf and confirm which admin email addresses should have setup access.A user cannot sign in
Check that:- The user is assigned to the QA Wolf application
- The user is signing in with the correct email address
- The SSO configuration has been saved
Authentication fails
Verify that the following values match between QA Wolf and your identity provider:- ACS URL
- Audience / entity ID
- Issuer
- Login URL
- Certificate