What is Single Sign-On?
Simple definition:
SSO is your one-click access to multiple applications using one set of login credentials. Applications may be located internally in your enterprise or hosted in the cloud. Application access is generally made through an application portal.
Which SSO solutions do we support?
QM10 can leverage the following external Single Sign-On (SSO) solutions: Microsoft Azure Premium and OneLogin.
How does the SOLABS External SSO connector work?
Like in any SSO solution, the External SSO connectors have two distinct parts: the SAML connector and the SSO connector.
SSO Connector
The connector is used to authenticate against an external SSO user directory. It acts as the traditional authentication method: the end user needs to enter their username and password either to get access to the system or, 99.9% of the time in QM10, to perform an e-Signature. If multifactor authentication (MFA) is activated, it will be requested at system login.
Multi login type support
Since QM10 r10.10.0, we support multiple login types per instance. Clients can have some users who use SSO (Azure or OneLogin) while others use the SOLABS Id within the same QM10 instance.
SAML connector
The SAML connector is a way to authenticate a user once and then communicate that authentication to multiple applications, so the user doesn't have to provide their credentials again for any other application using the same SSO technology.
Schema of authentication sequence
Authentication sequence using the SSO connector
Can external users access my QM10 through Azure SSO?
Yes, you can grant access to external users such as manufacturers, vendors, clients, auditors, etc. and still use the SSO feature. QM10 pulls its user information from the Azure Active Directory, therefore any user available there can be granted access to the software.
Microsoft has a feature called B2B collaboration, which enables you to add users that are not from your Azure Active Directory.
The Microsoft B2B collaboration feature currently supports 4 different account states:
- External guest: Most users who are commonly considered external users or guests fall into this category. This B2B collaboration user has an account in an external Microsoft Entra organization or an external identity provider (such as a social identity), and they have guest-level permissions in the resource organization. The user object created in the resource Microsoft Entra directory has a UserType of Guest.
- External member: This B2B collaboration user has an account in an external Microsoft Entra organization or an external identity provider (such as a social identity) and member-level access to resources in your organization. This scenario is common in organizations consisting of multiple tenants, where users are considered part of the larger organization and need member-level access to resources in the organization's other tenants. The user object created in the resource Microsoft Entra directory has a UserType of Member.
- Internal guest: Before Microsoft Entra B2B collaboration was available, it was common to collaborate with distributors, suppliers, vendors, and others by setting up internal credentials for them and designating them as guests by setting the user object UserType to Guest. If you have internal guest users like these, you can invite them to use B2B collaboration instead so they can use their own credentials, allowing their external identity provider to manage authentication and their account lifecycle.
- Internal member: These users are generally considered employees of your organization. The user authenticates internally via Microsoft Entra ID, and the user object created in the resource Microsoft Entra directory has a UserType of Member.
For more information on the Microsoft B2B feature, please consult the article here.
What changes happen when using SSO such as Azure?
This article explains the changes in QM10 when the SSO feature is configured: What Changes Happen in QM10 When Using SSO such as Azure?
QM10 Authentication types
If you want to learn more about the multiple authentication types available in QM10, please read the following article: QM10 Authentication Types.
How to configure QM10 to use SSO
We have an article available that explains how to configure the SSO feature: How to configure QM10 to use SSO.
Have issues with SSO and QM10?
The following article will help you troubleshoot the most commonly seen issues: Troubleshooting Login Issues with Azure Authentication Type.