AzureAD
Last updated
Last updated
Qase supports SSO. To provide single sign-on services for your domain, Qase acts as a service provider (SP) through the SAML (Secure Assertion Markup Language) standard.
1. Sign in to the of your AzureAD account.
2. Click on "Azure Active Directory" icon:
3. Go to "Enterprise applications" section and click on "New application" button:
4. Create a Non-gallery application and name it 'Qase':
5. Click on "Set up single sign on":
6. Choose "SAML":
7. Now, you need to set up your AzureAD application. Click on the "Edit" button in the "Basic SAML Configuration" block. And fill the form with the following data:
When you are ready, click on "Save" button.
8. Now you need to configure attribute mapping. Click on "Edit" button in "User Attributes & Claims" section and for "Required claim" set Name ID format to persistent and Name ID value to user.mail
.
Also, add two new claims:
fname
: user.givenname
lname
: user.surname
9. Now, you are ready to set up SSO on the Qase side. But at first, you need to get data from the AzureAD app:
Download the certificate (Base64)
Copy Login URL
Copy Azure AD identifier
SAML Sign-in URL: paste login URL from the previous step
Identity Provider Issuer: paste Azure AD identifier from the previous step
Key x509 Certificate: open downloaded in the previous certificate in any editor, copy its content, and paste in the textarea.
Domains*: provide a list of domains separated by a comma, that will be used for SSO. Public domains like gmail, hotmail, and etc are not allowed. *This step is mandatory.
Any domains that are added will need to be verified. To do so, you will need to add a TXT record to the domain's DNS records.
Default role: choose a default role that will be granted to the new users.
If you want new users who join your team to become a read-only by default, check "Automatically add new users as read-only members" checkbox.
After the form is filled, click on the "Save" button.
Identifier (Entity ID):
Reply URL (ACS URL):
Sign on URL:
10. Now you need to go to the Qase and link your account with AzureAD credentials. Click on the "Enable SSO/SAML" toggle button and fill the form:
Setup is complete. Now you can logout from the app and log in through the
Users will have to sign-in from this Qase's SSO Login page: