QEHSQEHS
Sign inBook a demo

Developer portal

Identity provider setup

Eight IdPs, same platform. SAML + OIDC for login, SCIM 2.0 for provisioning. Full integration guides with screenshots in the product help.

Supported IdPs

IdPProtocolSCIMNote
OktaBothYesNative Okta Integration Network app.
Microsoft Entra IDBothYesGallery app for SAML + SCIM; OIDC via custom registration.
Google WorkspaceBothYesCustom SAML app template + SCIM via an Admin SDK bridge.
JumpCloudBothYesSAML+SCIM tested; OIDC supported.
OneLoginBothYesSAML+SCIM fully supported.
Auth0OIDCNoOIDC supported via Auth0 as IdP; SCIM not supported by Auth0.
Ping IdentityBothYesSAML+SCIM certified.
Duo SSOSAMLNoSAML only.

Generic setup shape

  1. In the QEHS app, open https://app.qehsethos.com/settings/sso and copy the Entity ID / ACS URL (SAML) or Client ID / Redirect URI (OIDC).
  2. In your IdP, create a new SAML/OIDC app and paste the values.
  3. Download the IdP signing certificate (SAML) or discovery URL (OIDC) and paste back into QEHS.
  4. Define attribute / claim mappings — email, first name, last name, groups.
  5. Enable JIT provisioning (creates users on first login) OR go further and configure SCIM.
  6. Test with a single user; once green, enforce SSO for the tenant.
Each IdP has its own friction points — Entra ID's SCIM attribute mapping for multi-valued groups, Okta's Issuer slash behaviour, Google's hand-rolled SCIM bridge. See the in-product Help Center articles for screenshots and working examples.