Configure SAML 2.0 SSO with your identity provider to enable seamless authentication for your team.
Single sign-on allows your team to authenticate with DocQ using their existing corporate credentials, eliminating the need for separate passwords. DocQ supports SAML 2.0, the industry-standard protocol for federated identity.
Info
SSO is a paid feature that is only enabled for your organization if you have subscribed to it. Contact your account manager or DocQ support to enable SSO.
DocQ matches users between your identity provider and DocQ using email addresses. When a user authenticates through your IdP, DocQ looks up the matching email address in its user database and grants access accordingly.
Warning
SSO does not automatically create user accounts. Every user who needs to access DocQ must also be created in DocQ with a matching email address. Access permissions are still managed within DocQ regardless of SSO enablement.
| Term | Description |
|---|---|
| Identity Provider (IdP) | The service that manages user accounts and verifies identities (e.g., Okta, Azure AD). |
| Service Provider (SP) | The software requesting user information — in this case, DocQ. |
| Assertion | A statement from the IdP containing verified user information. |
| EntityID | A globally unique identifier for the IdP or SP. |
| NameID | The unique user identifier at the IdP. For DocQ, this must be the user's email address. |
| Metadata | An XML document describing the configuration of the IdP or SP. |
| Certificate | Used to verify the digital signatures on assertions. |
| ACS URL | Assertion Consumer Service URL — the endpoint where DocQ accepts assertions from the IdP. |
| RelayState | Optional state information used to verify the request. |
DocQ supports any SAML 2.0 compatible identity provider, including:
Configure the following values in your identity provider:
| Setting | Value |
|---|---|
| EntityID | https://auth.docq.app/auth/v1/sso/saml/metadata |
| Metadata URL | https://auth.docq.app/auth/v1/sso/saml/metadata |
| Metadata Download | https://auth.docq.app/auth/v1/sso/saml/metadata?download=true |
| ACS URL | https://auth.docq.app/auth/v1/sso/saml/acs |
| NameID Format | emailAddress |
After configuring your identity provider, share the following information with the DocQ support team:
Info
For security, share credentials and metadata through the secure secrets service at secrets.ndmglobal.com.
This section provides step-by-step instructions for configuring SSO with Okta. If you use a different identity provider, refer to the generic configuration above and your IdP's documentation.
Navigate to the Okta Applications dashboard and click Create App Integration.
In the app integration dialog, choose SAML 2.0 as the sign-in method.
Enter a name and description for the application (e.g., "DocQ" and "DocQ Document Automation Platform").
Configure the SAML settings with the following values:
| Setting | Value |
|---|---|
| Single Sign-on URL | https://auth.docq.app/auth/v1/sso/saml/acs |
| Use this for Recipient URL and Destination URL | Checked |
| Audience URI (SP Entity ID) | https://auth.docq.app/auth/v1/sso/saml/metadata |
| Name ID Format | EmailAddress |
| Application Username | Email |
Add the following attribute statement:
| Name | Value |
|---|---|
email | user.email |
Your metadata URL will typically follow this format:
https://<your-okta-org>.okta.com/apps/<app-id>/sso/saml/metadataShare the metadata URL (or XML file) along with your domain information with DocQ support via secrets.ndmglobal.com.
After you provide the IdP metadata and domain list, the DocQ support team will complete the configuration on the DocQ side. This process typically takes 2 to 3 business days.
Once SSO is enabled: