Quip enables admins with Enterprise Quip licenses to give members of their Quip site the ability to access Quip through the identity provider of their choice.
- Quip Enterprise or Quip for Salesforce license
- A domain assigned to your site (you can add a domain in the Signup Settings page on the admin console)
- A configured connection with your identity provider (set up on the IdP side)
Instructions for configuration
To access the Quip SAML setup flow, go to admin.quip.com and navigate via the left-hand tab to Settings → Authentication. Click on New Configuration and follow the Quip SAML Setup flow. You'll be prompted to upload a .xml file (typically downloaded from your identity provider) or edit the SAML configuration manually.
After saving the configuration, you will be prompted to test with an email, which will test the redirect and authentication flow. Once this test is completed successfully, you will have the option to add additional test users or to enable for your entire site. We do not enable a configuration to be saved until an email has been tested successfully.
Quip also provides the ability to omit domains associated with your site from the SAML redirect, which can be edited once the configuration passes the initial email test.
What your end-users will see
After this is enabled, users who navigate to Quip when not signed in will be redirected to your identity provider and sign in with their credentials, after which they will be redirected to Quip in a logged in state.
A few notes
In the event you need Quip's entityID or redirect URL for your IdP, you can find them by downloading Quip's metadata from the Authentication page and searching for “entity ID” and “location” in the downloaded .xml file and copying the URLs.
For Quip sites with SSO already enabled, your initial configuration will already appear in the SAML table.
Quip also provides the ability to load multiple certificates, which you can do by setting up a SAML configuration manually and clicking “add additional certification.” In the event that multiple certificates are being used in an active configuration, Quip will attempt all certificates; if any of them succeed, a user will be able to log in.
Don't hesitate to reach out to our support team by submitting a request (through the link) with any questions regarding SAML setup.