Authentication
Overview
Single Sign-On (SSO) integration is an essential feature within QueryPie, enhancing user authentication and access management while ensuring a secure and streamlined single sign-on experience. By integrating with your organization’s account system, QueryPie can synchronize users and groups, allowing admins to centrally manage joiners and leavers within the organization. SSO integration simplifies the authentication process, enabling users to access databases and systems through QueryPie using the same authentication methods employed within your organization. This article provides guidance on integrating SSO and highlights key considerations.
Supported Identity Providers (IdP)
The following Identity Provider (IdP) services are currently supported by QueryPie:
Managing Users with SSO Integration
To set up external account system integrations, navigate to the Administrator > General > User Management > Authentication menu.
Please note that you cannot change the Authentication type once the integration is set up.
New hires within the account system will automatically be added as QueryPie users after synchronization.
Similarly, any leavers within the account system will be removed as QueryPie users after synchronization.
Synchronized users cannot be modified or deleted within QueryPie.
If you need to change the Authentication type, please contact QueryPie Support or reach out through the Customer Portal.
Managing Groups with SSO Integration
For Okta, OneLogin, and LDAP, you can synchronize groups from your account system as QueryPie groups.
Synchronized groups cannot be modified or deleted within QueryPie.
For Okta and OneLogin, you can synchronize groups by assigning them to your QueryPie application.
For LDAP, you can utilize the Group synchronization option. For detailed information, refer to the integration guide page.
Using SSO Integration and QueryPie's Internal Account at the Same Time
Even if you integrate SSO, you can still add users and groups to QueryPie’s internal account system.
However, it is important to use unique usernames and email addresses.
Enhance Local Account Security in IdP-Integrated Environments
To maintain consistent security policies in hybrid authentication environments where external identity providers (IdPs) and QueryPie local accounts are used together, Multi-Factor Authentication (MFA) is supported.
Regardless of integration with external IdPs such as Okta, OneLogin, or SAML, MFA can be independently configured and applied to all locally created accounts in QueryPie.
Even in environments using external IdPs, enabling MFA for all local accounts—including administrator accounts—ensures the system remains protected against unauthorized access.
Configuration
Navigate to Administrator > General > Authentication.
In the Two-Factor Authentication section, activate and configure the desired MFA options.
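The following is an added example, not part of QueryPie's documentation or code: a small audit over a hybrid account inventory that checks the points described above (leavers removed after synchronization, unique usernames and email addresses across synchronized and local accounts, and MFA on every local account). The Account record, its fields, the finding names and the sample data are constructed assumptions and do not represent a QueryPie export format or API.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    username: str
    email: str
    source: str                # "idp" (synchronized) or "local" (created in the product)
    mfa_enabled: bool = False  # only evaluated for local accounts

def _norm(value: str) -> str:
    # Compare identifiers case-insensitively and ignore stray whitespace.
    return value.strip().casefold()

def audit_hybrid_accounts(accounts, idp_directory):
    """Return (finding, username) tuples for a hybrid account inventory.

    accounts: iterable of Account (hypothetical inventory of product users)
    idp_directory: usernames that are currently active in the IdP
    """
    findings = []
    active = {_norm(u) for u in idp_directory}
    idp_accounts = [a for a in accounts if a.source == "idp"]
    local_accounts = [a for a in accounts if a.source == "local"]
    idp_names = {_norm(a.username) for a in idp_accounts}
    idp_emails = {_norm(a.email) for a in idp_accounts}

    for a in idp_accounts:
        # A synchronized account whose owner left the IdP should be gone after sync.
        if _norm(a.username) not in active:
            findings.append(("stale_synced_account", a.username))
    for a in local_accounts:
        # Local accounts must not reuse a synchronized username or email address.
        if _norm(a.username) in idp_names:
            findings.append(("username_collision", a.username))
        if _norm(a.email) in idp_emails:
            findings.append(("email_collision", a.username))
        # Local accounts bypass the IdP, so they need their own MFA.
        if not a.mfa_enabled:
            findings.append(("local_without_mfa", a.username))
    return findings

# Constructed sample data for illustration only.
SAMPLE_IDP_DIRECTORY = {"alice", "bob"}
SAMPLE_ACCOUNTS = [
    Account("alice", "alice@example.com", "idp"),
    Account("carol", "carol@example.com", "idp"),  # no longer in the IdP
    Account("Alice", "alice.local@example.com", "local", True),
    Account("breakglass", "ALICE@example.com", "local", False),
    Account("svc-admin", "svc-admin@example.com", "local", True),
]
```

Calling `audit_hybrid_accounts(SAMPLE_ACCOUNTS, SAMPLE_IDP_DIRECTORY)` on the constructed data reports the stale synchronized account, both collisions and the local account without MFA.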