Single Sign-On (SSO) overview
Written by Vipula
Updated over a week ago

Introduction

Single sign-on lets managers with Qualee Console access log in with their existing company identity, so they do not need to maintain a separate set of login credentials for Qualee. It also lets them access Qualee directly from your company's central app portal. Qualee integrates seamlessly with any external system capable of acting as a SAML 2.0 identity provider.

It is also possible to mandate single sign-on for all users, including account administrators, so that it is only possible to log in using single sign-on.

About SAML 2.0

SAML (Security Assertion Markup Language) is a popular open standard for authentication and authorisation between two entities. These entities are commonly referred to as an identity provider, such as Microsoft Azure Active Directory, and a service provider application, such as Qualee. The user sign-in flow can be initiated either from the service provider website or directly from an identity provider’s app portal page.

If your existing central identity management system supports the SAML protocol, it can be configured as the single sign-on for Qualee. Popular hosted services with SAML support include:

  • Microsoft ADFS

  • Google Suite

  • Azure AD

How to configure single sign-on

Individual instructions may vary based on the identity provider, but the general instructions are as follows:

  1. Click on Advanced in the left menu of the dashboard

  2. Choose Integrations and then select Single Sign-On

  3. Click the Connect button to view the setup page shown in the screenshot below

  4. Input your SSO login URL (and optionally SSO logout URL) and certificate

  5. You can also retrieve the entity ID and reply URL (ACS) for Qualee

Toggling on the Force authentication option will require anyone logging into the Qualee Console to complete the login step (email/password, typically) in the SSO system, even if they have an active session.
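What Force authentication looks like at the SAML level, as an added example (not Qualee's code): it assumes the toggle maps to the standard ForceAuthn attribute of the SAML 2.0 AuthnRequest, and every URL, ID and timestamp is a constructed placeholder. It also shows the check a service provider can run on the returned AuthnInstant to confirm that the identity provider really re-authenticated the user instead of reusing an active session.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

def build_authn_request(req_id, issued_at, sp_entity_id, acs_url, idp_sso_url, force_authn):
    """Unsigned SAML 2.0 AuthnRequest; ForceAuthn="true" asks the IdP to
    re-authenticate the user even if an IdP session already exists."""
    req = ET.Element(f"{{{NS['samlp']}}}AuthnRequest", {
        "ID": req_id, "Version": "2.0",
        "IssueInstant": issued_at.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
        "ForceAuthn": "true" if force_authn else "false"})
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = sp_entity_id
    return ET.tostring(req, encoding="unicode")

def reauthenticated(response_xml, request_issued_at, skew=timedelta(seconds=60)):
    """True only if every AuthnStatement carries an AuthnInstant no older than
    the request (minus clock skew). Run this after signature validation."""
    stmts = ET.fromstring(response_xml).findall(".//saml:AuthnStatement", NS)
    if not stmts:
        return False  # fail closed: no authentication statement at all
    for stmt in stmts:
        try:
            instant = datetime.fromisoformat(stmt.get("AuthnInstant", "").replace("Z", "+00:00"))
        except ValueError:
            return False
        if instant.tzinfo is None or instant < request_issued_at - skew:
            return False  # stale login: the IdP reused an existing session
    return True

def sample_response(authn_instant):
    """Constructed, unsigned response skeleton for the demonstration."""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<saml:Assertion><saml:AuthnStatement AuthnInstant="{authn_instant}"/>'
            '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    sent = datetime(2024, 5, 1, 9, 0, 0, tzinfo=timezone.utc)  # constructed
    print(build_authn_request("_example-id", sent, "https://sp.example/entity",
                              "https://sp.example/acs", "https://idp.example/sso", True))
    print(reauthenticated(sample_response("2024-05-01T09:00:12Z"), sent))
    print(reauthenticated(sample_response("2024-05-01T07:41:03Z"), sent))
```

The freshness check only means something on a response whose signature has already been verified against the certificate entered in step 4.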
