Developers
Quable Guide
Start typing to searchā€¦

SSO / SAML Authentication

šŸ“˜

SSO / SAML Subscription

SSO / SAML is a subscription-based option.

āž”ļø For more information, please contact your CSM manager

What is SSO?

SSO allows users to securely and easily access multiple applications within an organization. With this feature, users can log in once to gain access to all the business applications they use.

You can integrate Quable as an application within your identity provider once your company has implemented SSO (Single Sign-On) user authentication via the SAML (Security Assertion Markup Language) protocol.

Connecting to Quable using SSO offers several advantages:

  • Simplify user access by implementing a fast login system.
  • Reduce time lost on password recovery processes or support requests.
  • Deploy an authentication feature known for its robustness and security.

How does SSO work?

An Identity Provider (IdP) offers a user authentication service, while a Service Provider (SP) is a client that requests user authentication. These services must be specifically configured to work together and enable SSO authentication.

šŸ“˜

Prerequisites

  • Depending on the IdP service you choose, you will likely need to configure the solution specifically: refer to your IdP service documentation for more information.
  • To enable SSO / SAML Authentication, you must first verify your domain. You can proceed with domain verification in parallel with the service configuration.

Enabling SSO / SAML Authentication

Go to the SAML Authentication page from your Quable platform administration console.

To configure SSO, you must first enable the feature by clicking on the toggle button. The color changes when it is activated.

Disabled

Disabled

Enabled

Enabled

You then have access to the configuration information for the SSO feature.

Identity Provider Information

Retrieve the information provided by your IdP service:

  • Entity ID
  • Login URL
  • Logout URL
  • IdP certificate

Fill out the form with the values provided by your IdP service:

šŸ“˜

Information on the IDP Certificate

Your certificate must include the following at the beginning and end:

-----BEGIN CERTIFICATE-----

and

-----END CERTIFICATE-----

Service Provider Information

The SP service configuration provided by Quable is pre-filled:

  • Entity ID: <https:// instance_name .quable.com/api/sp/metadata>
  • ACS URL: <https:// instance_name .quable.com/api/sp/acs>
  • Logout URL: <https:// instance_name .quable.com/api/sp/logout>

Retrieve this information to declare it in your IdP service:

User Account Creation

You can choose the behavior of your platform when a new user logs in to Quable from your IdP.

To configure user account creation, you must first enable the feature by clicking on the toggle button. The color changes when it is activated.

  • Feature not activated: access is denied, and the new user cannot log in to the Quable platform.
Disabled

Disabled

or

  • Feature activated: access is allowed and results in the creation of a new user account.
Enabled

Enabled

šŸ“˜

Prerequisites

To ensure the minimum information required for user account creation, the token must contain certain fields mapped from the IDP:

  • email
  • firstname
  • username

Then fill out the new user account creation form:

  • Set the default languages available to your new users.
  • Select the default rights for your new users.
  • Provide additional information for your new users.
šŸš§

Mandatory Information!

To validate the user account creation, some essential information must be filled out:

  • Definition of languages,
  • Selection of roles,
  • Selection of the time zone.

Validate the SSO Configuration Creation

Once all the information has been correctly filled out, click on the Update button to create the SSO feature configuration.

Updated 3 days ago