How to Enable Single Sign-On to Qualio, with Azure/O365
We start by enabling it for the customer, within the Qualio software itself. So first:
- Customer needs to login, and go to their Company page [as per screenshot]
- Select SSO Enabled
- Fill SSO domain (with data from Customer)
- Click ‘Save changes’
Integration with Azure (for Quality users):
Within Qualio; Go to Organization settings -> SSO/SAML
Note: Qualio has used generic language on this page, as its one settings page for every Identity Provider. So our text does not 100% match what you see in Azure.
Note: Not all of these fields shall be used during a configuration. In the best scenario, passing the metadata URL should be enough.
Note: You can easily copy (or download as a file) those values clicking on the buttons on the right.
Click on Configure SSO/SAML Integration, within Organization Settings
Now we need key information from the customer and their Azure Account. I would think anyone wanting to use SSO will know what these things are - but we detail them here for completeness.
So they need to go to Azure admin panel (https://portal.azure.com)
Within Azure Portal, you want to add a new Application. This will become your “Connect to Qualio with SSO” program.
To start, go to the example app’s [as per screenshot here]. You want to set up a Single Sign-On app.
In your new App, select SAML.
You will get a screen along the lines like those below. This page contains important information that you will need to make the connection.
Look at section 4 from the screenshot above. We need to copy the SSO URL and paste it to the field ‘SSO Url’ in the Qualio admin panel (Screenshot, again below).
You next need to copy Entity Id and paste it to the field ‘Entity Id’ in the Qualio admin panel (Screenshot, again below).
Download Certificate from Microsoft and upload to field ‘X.509 certificate’ in the Qualio admin panel - use the ‘Choose file’ button (Step 2.)
(Optional) Select disable password login if you only want your users to be able to login with SSO & Click ‘Save’
Go back to Azure app configuration and click Next, to move ahead.
In your Azure application [Below]; you now need to take information from Qualio, and put it into Azure.
From the Qualio SSO page, you can get the details you need to fill in the settings on your Azure SAML Application.
Configure Attribute Mapping in the Identity Provider admin panel
The last part is setting up attribute mapping. This step is important because it allows synchronizing data from Azure to Qualio. Minimal configuration requires setting up a firstName and lastName attribute. We require an attribute called ‘role’. The possible value for this attribute is “basic”, “normal” or “quality”.
- When the user logs in for the first time using SSO, a new account will be created/provisioned (if the user had not been invited earlier). The user’s role will be defaulted to basic.
Each account in Qualio still will require having its own password for a digital signature. This password will allow users to log in to the application as well (without using SSO).