Introduction
If you're the Primary or Super login role, you can let team members access Quickpass by logging in to a central identity provider. Single sign-on (SSO) provides an easy way to access multiple websites or applications using a single account. Authentication to your Tenant is handled by your identity provider. Whenever Quickpass wants to authenticate you via SSO, they'll redirect you to the identity provider. If you are not logged in, you can log in using your SSO credentials. But if you're already logged in, you won't need to log in again. You are immediately redirected back to Quickpass with the necessary authentication token. This token is used to verify that you are authenticated with the identity provider.
Prerequisites
- To configure SAML settings for SSO, you need an identity provider that supports SAML 2.0. This widely supported protocol enables web-based authentication scenarios including cross-domain SSO and federated authentication between SaaS applications, like Quickpass, and on-premise directory systems, such as Active Directory. The key to this feature is the intermediary SAML SSO server – also known as the identity provider.
- All of your users under your account in Quickpass will need an account in your SSO Provider with exactly the same email address.
Manual - https://support.getquickpass.com/hc/en-us/articles/360040722434-How-to-Setup-Quickpass-Dashboard-Logins
Bulk Import - https://support.getquickpass.com/hc/en-us/articles/4411037813783-How-to-Bulk-Import-Quickpass-Dashboard-Logins - NOTE: After setting up the SSO - Primary and Super Login Roles will still be able to login to the Dashboard with their Quickpass Credentials, but all other roles will need to use the SSO credentials to login to the Dashboard.
Get Started
- Login to Quickpass as a Primary or Super Admin Login Role
- Click the Login Management Screen
- Click the Configuration drop down box
- Click Authentication Options
- Turn on the Enable SAML SSO Toggle Switch
- Once this is turned on the Entity ID value will be populated.
- The remainder of the entries will be populated from the values provided by your SSO provider
- Once this is turned on the Entity ID value will be populated.
- Log into your identity provider, so that you can configure the two simultaneously.
Configuring the SSO Identity Provider - Default Values
- Enter the following URLs in the fields provided by your SSO provider.
- Identifier (Entity ID) - Enter your Quickpass Entity ID value from the Quickpass Dashboard
-
Reply URL (Assertion Consumer Service URL) - Enter
NA or Oceania https://admin.getquickpass.com/api/auth/sso/login/callback EU https://eu-admin.getquickpass.com/api/auth/sso/login/callback
-
Sign on URL - Enter
NA or Oceania https://admin.getquickpass.com EU https://eu-admin.getquickpass.com - Relay State - Some SSO Providers will not allow you to have both Reply URL and Relay State populated. Ensure you understand which value is required. If Supported by your SSO Provider enter your Quickpass Entity ID value from the Quickpass Dashboard
-
Logout URL - Enter
NA or Oceania https://admin.getquickpass.com EU https://eu-admin.getquickpass.com
After SSO Identity Provider is configured.
After configuring SSO in your identity provider, return to Quickpass, navigate to Login Management -> Configuration -> Authentication Options and paste the SSO Token value provided by your SAML Provider.
-
Issuer URL - The URL that uniquely identifies your SAML identity provider. Also called: Issuer, Identity Provider, Entity ID, IdP, IdP Metadata URL.
-
SAML Login Endpoint URL - The SAML login endpoint URL of the SAML server. Quickpass redirects to this URL for SSO if a session isn't already established. Also called: Sign-on URL, Remote login URL, SSO URL, SSO Endpoint, SAML 2.0 URL, Identity Provider Sign-in URL, IdP Login URL, Single Sign-On Service URL.
- SAML Logout Endpoint URL - A URL where Quickpass can redirect users after they sign out of Quickpass. Also called: SLO Endpoint, SAML Logout URL, Trusted URL, Identity Provider Sign-out URL, Single Sign-Out Service URL.
- Fingerprint - The appropriate value is based on the information provided by your identity provider. Also called: Thumbprint.
-
Certificate - The authentication certificate issued by your identity provider (a base-64 encoded X.509 certificate). Be sure to include the entire certificate, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE------. Also called: Public Certificate, X.509 Certificate.
NOTE: - These sample values were provided from the Azure/O365 Example and will be different depending on the SSO/SAML provider you are using.
You should now have a working SSO implementation for Quickpass which you can test by going to your subdomain (https://admin.getquickpass.com or https://eu-admin.getquickpass.com) in a new browser session. This process and the information asked for should be common to all identity providers.
SSO (SAML 2.0) Provider Configurations
If you use one of the identity providers listed below, we have written separate articles that explain how to configure and test your SAML SSO settings that you should read instead:
- O365/Azure - https://support.getquickpass.com/hc/en-us/articles/4419170636055-Configuring-Azure-AD-for-SSO-SAML-Logins
- OKTA - https://support.getquickpass.com/hc/en-us/articles/4420177817111-Configuring-Okta-for-SSO-SAML-Logins
- DUO - https://support.getquickpass.com/hc/en-us/articles/4419521479959-Configuring-Duo-for-SSO-SAML-Logins
- Google Workspace - https://support.getquickpass.com/hc/en-us/articles/4617205015959-Configuring-Google-Workspace-for-SSO-SAML-Logins
- Jumpcloud - https://support.getquickpass.com/hc/en-us/articles/14079128057111-Configuring-Single-Sign-On-SSO-with-Jumpcloud
Comments
0 comments
Please sign in to leave a comment.