How does Qualifo single sign-on (SSO) work and how do I set it up for my account?

Tabata Vossen -

Single Sign-On, or SSO, allows users to log into Qualifio using another account they already have with Google or Azure.

Screenshot_2020-01-06_at_10.58.10.png

With the SSO module enabled, your team members can access Qualifio without another password to manage. They simply sign in to their central identity provider (IdP) and securely gain access to Qualifio.

What are the benefits?

By configuring your account to be accessed via SSO, you gain the following benefits:

  • Strengthened cybersecurity: In the absence of a Qualifio password, you can easily enforce your existing IdP password policy.
  • Streamlined administration: When you remove someone from your IdP, they will automatically lose access to your Qualifio account. So, only the right people have access to your data.
  • Enhanced user experience: Remembering multiple passwords is a pain. With SSO, members of your account won't have to set up and maintain a separate Qualifio password.

Which identity providers (IdP) are supported?

Currently, Qualifio comes with two SSO solutions:

  • Google G Suite (Google)
  • Azure Active Directory (Azure AD)

Global architecture

In Qualifio, the module SSO is based on a passport and a nodeJs, both facilitating the creation of SSO connection with the supported identity providers:

mceclip0.png

Ask for setting up the integration

Get in touch with your Qualifio Expert or Qualifio Support services. We will help you to configure the connection for the IdP that your company is using. You will need to provide us with the email domains of your company, as well as communicate which of the methods above you'd like to use (SSO-only mode or not).

SSO Manager activation for an account requires some configuration that needs to be done on Qualifio side (database). Please indicate your expected planning for an SSO Manager in production.

Attention point: This feature is only available in the Gold or Platinum plan.

Enabling SSO on your side

Adding an SSO will put your IdP in charge of authentication. Whatever process, policies, and security features you’ve set up with your IdP (e.g. two-factor authentication) will apply to your team as they access Qualifio. It also means that, if a user forgets their SSO password, the password is reset via your SSO application.

When configuring Qualifio SSO for your organisation, you have two options:

  • Give users secure access to Qualifio with their common set of login credentials. With SSO-only mode, Qualifio login is disabled and users must sign in using SSO.
  • Alternatively to SSO-only mode, you can allow people to choose whether they access your account using either Qualifio login or SSO.

Limitations

  • For SSO to work, it needs to be configured in your Qualifio account — even if you already have a Google or Azure account. Would you like to activate SSO for your organization? Contact your Qualifio Expert or our Helpdesk. You will need to provide the domains of your professional email addresses, and tell us which method you wish to use (SSO mode mandatory or not).
  • There is no synchronisation between your identity provider and Qualifio, meaning Qualifio has no possibility to automatically create or delete Qualifio accounts based on changes made at the identity provider. To enable SSO for a user, the user needs to be a known user in Qualifio Manager. 
  • For Google G Suite, we prevent visitors with email addresses at gmail.com from logging in. If a user tries to log in with this blocked domain, they will see an error message.
  • For Azure Active Directory, users will be asked to 'trust' the domain the first time they access Qualifio via SSO. 
Powered by Zendesk