TrackQUAL logo
← Back to blog

Blog

Enterprise SSO in TrackQUAL: Google, Microsoft Entra, OIDC and SAML

TrackQUAL supports enterprise single sign-on with Google, Microsoft, Microsoft Entra, generic OpenID Connect and SAML, with per-tenant configuration, audience targeting, and optional coexistence with direct email login.

By The TrackQUAL Team

Published: 15 Apr 2026

Edited: 15 Apr 2026

For many businesses evaluating a SaaS partner, single sign-on is no longer a nice-to-have. It is a baseline expectation.

Security teams want central identity control. IT teams want standards-based integration. Operational teams want a login experience that is easy for staff, customers, inspectors, and partner users. And commercial teams want all of that without turning onboarding into a six-week technical project.

That is why we have built enterprise SSO into TrackQUAL in a way that reflects how real organisations actually work.

TrackQUAL supports Google, Microsoft, Microsoft Entra, generic OpenID Connect (OIDC), and generic SAML. Just as importantly, we support multiple sign-in options per tenant, so one customer account is not forced into a single identity model that only works for part of the organisation.

Why SSO matters in returns, repairs and service operations

TrackQUAL is often used across more than one user population. A tenant may have internal service teams, customer users, third-party inspectors, delegated authority users, and partner organisations all working in the same platform. In practice, those users do not always live in the same identity system.

One business unit may use Google Workspace. Another may be standardised on Microsoft 365. A large customer may insist on Microsoft Entra or SAML. An external inspection partner may use a completely different provider again.

That creates a common problem in B2B SaaS: a platform can claim to support SSO, but only in a way that assumes one tenant equals one identity provider. For many operational environments, that is too simplistic.

We have designed TrackQUAL to be more flexible because that is what our customers actually need.

What TrackQUAL supports today

TrackQUAL supports the two identity standards most IT teams expect to see in enterprise software procurement:

  • OpenID Connect (OIDC) for providers such as Google, Microsoft, Microsoft Entra, Okta, Auth0, Keycloak, OneLogin, and other modern identity platforms
  • SAML for enterprise environments where SAML remains the preferred or required protocol

Within that model, TrackQUAL can accept:

  • Google sign-in
  • Microsoft sign-in
  • Microsoft Entra ID sign-in
  • generic OpenID Connect providers
  • generic SAML identity providers

That gives customers a practical route for both standard workforce identity and more bespoke enterprise federation requirements.

Why we built it this way

We did not want to add a narrow SSO checkbox feature that looks good in a sales deck but breaks down in the real world.

Instead, we built TrackQUAL's SSO model around tenant-owned connections. In plain English, that means each tenant can configure the providers that make sense for their own environment and can add more than one where needed.

This matters because real-world account structures are messy in ways that are entirely normal:

  • groups acquired through M&A may still run different identity platforms
  • customers and suppliers may need access through their own corporate login
  • internal staff and external partners may need different SSO routes
  • some users may need SSO immediately while others still need a direct login path during rollout

By supporting multiple connections per tenant, TrackQUAL can fit that reality rather than forcing organisations to flatten it into a model that does not reflect how they operate.

Not just one provider per tenant

A key design decision in TrackQUAL is that a tenant can configure multiple SSO options at the same time.

For example:

  • a tenant could use Google Workspace for internal staff
  • an external inspection network could sign in with Microsoft
  • a major enterprise customer could use SAML for its own customer users
  • another partner could connect via a generic OIDC provider such as Okta

That flexibility is especially useful in returns, repairs, warranty and service environments where more than one organisation may interact with the same workflow.

Email login can still coexist when needed

Many businesses want SSO, but they do not always want a hard cutover on day one.

TrackQUAL supports that. Direct email and password login can remain available while SSO is introduced, tested, and rolled out by audience. That can reduce implementation friction for customers who want a phased adoption path rather than an all-or-nothing switch.

Where a tenant wants stronger control, TrackQUAL can also require SSO for the users matched to a given connection. In other words, the platform supports both gradual rollout and policy-driven enforcement.

Audience targeting for real operational roles

Supporting multiple providers is only useful if the platform can also decide who should use each one.

That is why TrackQUAL's SSO model includes audience targeting. Connections can be scoped to different user groups such as:

  • tenant staff
  • customer users
  • inspectors
  • delegated authority users
  • all users where appropriate

Connections can also be limited by approved email domains, which helps IT teams keep a provider aligned to the right organisation or partner group.

That means TrackQUAL is not just saying, "we support SSO". It is supporting targeted federation that maps more cleanly to operational reality.

What this means for IT and security reviewers

When IT teams review TrackQUAL as a possible approved SaaS partner, they usually want to know whether identity can be integrated in a standards-based, governable way without creating an exception to their normal control model.

Our approach is designed to make that conversation easier.

Standards-based protocols

TrackQUAL supports the protocols most enterprise identity teams already work with: OIDC and SAML. That helps reduce the need for custom login workarounds.

Per-tenant configuration

Each tenant's SSO settings are managed as its own connections, rather than being hard-coded globally in a way that would make multi-tenant operation inflexible.

Multiple provider support

Customers are not forced into a one-provider-per-tenant assumption. This is particularly important where internal users, customers, and third parties come from different identity estates.

Controlled account linking

TrackQUAL supports first-time account linking by verified email where that is permitted, helping customers connect SSO identities to existing user accounts without creating unnecessary admin overhead. Verified-email requirements can also be enforced for stronger control.

Encrypted secret storage

Provider secrets are not handled as ad hoc per-tenant environment variables. Instead, TrackQUAL uses a global application-level encryption key for secure storage of provider secrets, while each tenant's own provider configuration is stored as tenant-specific connection data.

Operational rollout flexibility

Because SSO can coexist with direct login during rollout, organisations can test and stage adoption before enforcing it more broadly.

Examples of where this is useful

Here are a few common scenarios where the TrackQUAL model is a strong fit:

  • Manufacturer with mixed internal identity: one region uses Google Workspace, another uses Microsoft 365
  • Enterprise customer portal access: the customer wants its own users to authenticate through Entra or SAML
  • Third-party service network: inspectors or repair partners need secure access but do not belong to the tenant's internal identity provider
  • Phased security uplift: a customer wants to introduce SSO first, then later require it for selected user groups

These are the kinds of real operational setups that shaped the design.

Commercially, why this matters

From a sales and procurement perspective, SSO is often a gating requirement.

If a SaaS platform cannot align with a customer's identity model, procurement slows down, security questionnaires become harder, and internal sponsors have more work to do to justify an exception.

By supporting mainstream workforce identity, enterprise federation patterns, and multi-provider tenant setups, TrackQUAL is better positioned to fit into mature customer environments rather than asking customers to bend their security model around the software.

That matters not just for large enterprise accounts, but also for mid-market organisations that increasingly expect the same security and governance standards from their software vendors.

A practical approach rather than a checkbox feature

We have built TrackQUAL's SSO capability to solve the actual operational and commercial problem, not just the headline requirement.

The goal is simple:

  • make login easier for end users
  • give IT teams a standards-based integration path
  • let customers support more than one identity provider where needed
  • preserve rollout flexibility instead of forcing a disruptive cutover
  • support safer governance through audience targeting and verified identity controls

For organisations reviewing TrackQUAL as a possible partner-approved SaaS platform, that means SSO is not bolted on as an afterthought. It has been designed to support the complexity that often appears in real customer environments.

Final thoughts

TrackQUAL now supports enterprise single sign-on in a way that is flexible enough for mixed user populations, standards-based enough for IT teams, and practical enough for phased rollout.

If your organisation needs a returns, repairs or service workflow platform that can work with Google, Microsoft, Microsoft Entra, OpenID Connect, or SAML, TrackQUAL is designed to support that conversation from the start.

And if your environment is more complex than "one company, one IdP, one user type", that is exactly why we built it this way.

FAQ

Which SSO providers can TrackQUAL accept?

TrackQUAL supports Google, Microsoft, Microsoft Entra, generic OpenID Connect providers, and generic SAML identity providers.

Does TrackQUAL support SAML and OIDC?

Yes. TrackQUAL supports both OpenID Connect and SAML so customers can align the platform with the identity protocol their organisation already uses.

Can TrackQUAL support more than one SSO option for the same tenant?

Yes. A tenant can configure multiple SSO connections, which is useful where staff, customers, inspectors, and partners belong to different identity systems.

Can SSO and direct email login exist at the same time?

Yes. TrackQUAL can keep direct email login available during rollout, or require SSO for the users matched to a specific connection.

Is TrackQUAL suitable for enterprise SaaS review?

TrackQUAL is designed to support enterprise SaaS review conversations by offering standards-based federation, per-tenant configuration, multiple provider support, and targeted rollout controls.

Available languages

English (UK)