Documentation
SSO β Okta / Azure / SAML
Coming soon β Enterprise plan.
Single Sign-On (SSO) lets your enterprise team log into Stirling-QR using your company identity provider β Okta, Azure Active Directory, Google Workspace, or any SAML 2.0 compatible IdP. No separate Stirling-QR passwords needed.
How SSO works
When a team member navigates to your Stirling-QR workspace and enters their company email, they are redirected to your identity provider's login page. After authenticating with their company credentials (and MFA if required), they are returned to Stirling-QR and logged in automatically. Stirling-QR never sees or stores their password.
Supported identity providers
Okta (workforce identity), Microsoft Azure Active Directory (Entra ID), Google Workspace, and any provider that supports SAML 2.0 β including OneLogin, PingFederate, Ping Identity, and ADFS.
Setting up SSO
Go to Dashboard β Settings β SSO. Choose your identity provider from the list. Stirling-QR will provide an Assertion Consumer Service (ACS) URL and SP Entity ID to enter in your IdP. Your IT team adds the Stirling-QR app to your IdP's application catalogue. Once configured, click 'Test Connection' to verify. Then optionally enable 'Enforce SSO' to prevent password logins entirely.
Provisioning and deprovisioning
When SSO is active, new team members can be invited by their work email and log in with their IdP credentials without setting a Stirling-QR password. When an employee leaves your company and is deactivated in your IdP, their Stirling-QR access is revoked automatically on next login attempt if 'Enforce SSO' is active.
π‘ Pro Tips
- Enable 'Enforce SSO' only after you have verified that every team member can log in successfully β to avoid locking yourself out.
- Test with a non-admin test account before rolling out to your whole team.
Related Articles
More in Upcoming
Ready to get started?
Create your first QR code free β no credit card required.