Skip to main content
Quippy supports Single Sign-On so your employees and students can sign in with the same company account they already use for email, chat, and docs — and lose access automatically when your IT team removes them from your IdP. We never see the user’s password. Your IdP verifies the user and hands Quippy a signed token saying “yes, this is Jane.” If IT disables Jane in your IdP, she can’t get a new token, and her Quippy access is revoked within minutes.

Supported protocols

Pick whichever your IdP team prefers. Most modern IdPs support both.

OIDC

The most modern choice. You paste an issuer URL, a client ID, and a client secret. Scopes default to openid, profile, and email. Works out of the box with Okta, Microsoft Entra ID, Google Workspace, and OneLogin.

SAML 2.0

Required by many enterprises. You paste an entry point URL, an entity ID, and the IdP’s signing certificate (PEM). Compatible with any SAML 2.0 IdP.
Client secrets and SAML certificates are encrypted at rest (AES-256-GCM) and are never echoed back after you save. If you lose one, rotate it at the IdP and paste the new value.

What happens when an employee signs in

1

User opens Quippy

The user enters their email (e.g. jane@acme.com) on the sign-in page.
2

Quippy routes by email domain

Quippy matches @acme.com against your configured domains and redirects the browser to your IdP.
3

Your IdP verifies the user

Okta, Entra, Google Workspace, or OneLogin authenticates the user and issues a signed token or SAML assertion.
4

Quippy trusts the token

Quippy validates the signature, creates the user on first sign-in (if Auto-create users on first sign-in is on), applies the role from your group mapping, and logs the user in.

Per-IdP guides

Okta

OIDC-first setup.

Microsoft Entra ID

OIDC-first setup.

Google Workspace

SAML-first setup.

OneLogin

OIDC-first setup.
Ready to configure? Head to Set up SSO for the step-by-step walkthrough.