Single Sign-On (SSO) Integration with Okta

This article will walk you through setting up with an SSO configuration with Okta as your IdP.

Configure your IdP with Okta

In a separate browser window, open your Okta instance.

  1. Login to your Okta account to add qTest Manager as an application.

  2. Select the Admin icon in the top, right-hand corner of the window.

  3. Hover on the Applications tab and select Applications from the drop-down menu.

  4. You will need to create a new application by selecting the add application icon.

  5. In the new application General Settings, enter the Application label name ex: qTest.

  6. Select Next and the SAML Settings loads. Enter the following:

    • Single Sign-On URL: found in the qTest Authentication Integration tab

    • Audience URL:found in the qTest Authentication Integration tab

    • Default RelayState: optional

    • Name ID format: optional

    • Application username: select Okta username

    • For qTest to retrieve user information from your IdP, map the following attributes:

      • user.email

      • user.firstname

      • user.lastname

Invite Users to qTest Application from the IdP

Once your qTest application has been entered and saved in Okta. you will need to invite users to the SSO.

  1. Select the Admin icon in the top, right-hand corner of the window.

  2. Hover on the Applications tab and select Applications from the drop-down menu.

  3. You will see your newly created qTest account.

  4. Select the name (blue hyperlink) of the qTest account you created in Okta.

  5. Once the chosen application loads, select the Assignments tab.

  6. Click the green Assign icon, and now you can enter the user information for each employee that you would like to use the SSO for qTest.

Configure your SSO Integration in qTest

  1. In qTest, hover over your username and select Administration.

  2. The Site Administration page loads. Select the Authentication tab.

  3. Select SSO from the left Authentication Systems panel.

  4. It is optional to enter a name for your IdP.

  5. You must enter a URL to your IdP metadata. Alternatively, you can upload a metadata XML file from your local machine. For information on how to download your Okta Metadata, refer to this article.

  6. Select the checkbox to 'Create new account on qTest upon user's first login' to allow users to create their qTest accounts. This will save time and effort because you will not need to invite or update many users. This option will be explained below in the next section.

  7. Switch on Activation status in the top, right-hand corner of the screen.

  8. Select the Save icon to save the configuration.

2.png

  • You will need to switch off the integration with your LDAP systems to enable SSO integration.

EnableSSOlogin for a qTest user

To log in to qTest Manager with SSO. a user will need an SSO account and an associated qTest account. There are three ways to enable SSO login for a qTest user - invite a new user, update an existing user, or allow SSO users to create associated qTest Manager accounts upon their first login (suggested).

Update an Existing qTest User

This 'bulk add' option could be used when adding multiple qTest users to a new SSO application. However, it is still a manual process and could be time-consuming.

  1. In Site Administration, select the Licenses and Users tab.

  2. In the grid, select the Authentication System field for the user, and change that user's Authentication system to SSO.

  3. Change the Authentication System of the user to SSO.

  4. Select the SSO Username field of the user. The field will change to a text box. Enter the user's corresponding SSO username.

  5. Select the Save icon.

  6. The user will receive a notification email.

Allow SSO Users to Create Associated qTest Manager Accounts upon Their First Login

Suggested login option to easily merge the SSO account with qTest.

  1. In your IdP, grant users with the permission to access to qTest Manager.

  2. In qTest Manager, select the option, "Create new account" on qTest upon user's first login.

  3. When users log in to qTest Manager for the first time, they will need to confirm to create an associated qTest Manager account.

    • If qTest retrieves user emails from the IdP, and there is an existing qTest Manager account (authenticated by qTest) with the same email, the user is allowed to associate the SSO account with the qTest Manager account.
    • If the email is manually input, or the qTest Manager account is authenticated by SSO, the user will not be allowed to do so.