QEHS EthosEHS Ethos

Integrations / Identity & SSO

Okta

SAML + OIDC SSO, SCIM provisioning, role mapping.

Identity & SSOGenerally availableBusiness + Enterprise

Single sign-on via SAML 2.0 and OIDC, SCIM 2.0 user + group provisioning, just-in-time attribute-driven role assignment, step-up MFA for high-risk transitions.

Capabilities

  • SAML 2.0 + OIDC SSO
  • SCIM 2.0 user + group sync
  • JIT provisioning with group-to-role mapping
  • Step-up MFA (WebAuthn, push, TOTP)

Setup steps

  1. Enable the Okta connector in Settings → Integrations.
  2. Copy the QEHS metadata URL and paste it into your IdP application.
  3. Map user attributes to the required QEHS claims.
  4. Test the connection with a sandbox user.
  5. Enable for all users and verify provisioning logs.

Every integration is auditable

HMAC-signed webhooks, OpenAPI 3.1, SDKs in every major language.

Integrations layer sits on top of the same audit log your security team already reviews, nothing bypasses the tenant boundary.

Okta integration | QEHS Ethos