SSO / SAML Authentication
Subscription to SSO / SAML
SSO / SAML is a subscription-based option.
➡️ For more information, please contact your Customer Success Manager.
What is SSO?
SSO allows users to access various applications within an organization simply and securely. With this feature, users in an organization can log in once to gain access to all the enterprise applications they use.
You have the option to integrate Quable as an application with your identity provider as soon as your company implements Single Sign-On (SSO) user authentication via the Security Assertion Markup Language (SAML) protocol.
Logging into Quable through the SSO feature offers several advantages:
- Simplify users' lives by implementing a fast login system.
- Reduce time wasted on password recovery or contacting support.
- Deploy a proven authentication feature known for its robustness and security.
How does SSO work?
An Identity Provider (IdP) offers a user authentication service, while a Service Provider (SP) is a client requesting user authentication. These services must be specifically configured to work together and enable SSO authentication.
Prerequisites
Depending on the IdP service you choose, you may need to configure the solution specifically: refer to the IdP service documentation for more information.
To activate the SSO / SAML Authentication service, you must first verify your domain. You can proceed with domain verification in parallel with the service configuration.
Activating SSO / SAML Authentication
Access the SAML Authentication page from the administration console of your Quable platform.
To configure SSO, you must first enable the feature by clicking on the toggle button. The color changes when it is activated.
You then have access to the configuration information for the SSO feature.
Identity Provider Information
Retrieve the information provided by your IdP service:
- Entity ID
- Login URL
- Logout URL
- IdP certificate
Fill out the form with the values provided by your IdP service:
Information on the IDP Certificate
Your certificate must include the following at the beginning and end:
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
Service Provider Information
The SP service configuration provided by Quable is pre-filled:
- Entity ID: <https:// instance_name .quable.com/api/sp/metadata>
- ACS URL: <https:// instance_name .quable.com/api/sp/acs>
- Logout URL: <https:// instance_name .quable.com/api/sp/logout>
Retrieve this information to declare it in your IdP service:
User Account Creation
You can choose the behavior of your platform when a new user logs in to Quable from your IdP.
To configure user account creation, you must first enable the feature by clicking on the toggle button. The color changes when it is activated.
- Feature not activated: access is denied, and the new user cannot log in to the Quable platform.
or
- Feature activated: access is allowed and results in the creation of a new user account.
Then fill out the new user account creation form:
- Set the default languages available to your new users.
- Select the default rights for your new users.
- Provide additional information for your new users.
Mandatory Information!
To validate the user account creation, some essential information must be filled out:
- Definition of languages,
- Selection of roles,
- Selection of the time zone.
Validate the SSO Configuration Creation
Once all the information has been correctly filled out, click on the Update button to create the SSO feature configuration.
Updated 8 months ago