AzureAD

Qase supports SSO. To provide single sign-on services for your domain, Qase acts as a service provider (SP) through the SAML (Secure Assertion Markup Language) standard.

How to configure SSO with AzureAD?

1. Sign in to the of your AzureAD account.

2. Click on "Azure Active Directory" icon:

3. Go to "Enterprise applications" section and click on "New application" button:

4. Create a Non-gallery application and name it 'Qase':

5. Click on "Set up single sign on":

6. Choose "SAML":

7. Now, you need to set up your AzureAD application. Click on the "Edit" button in the "Basic SAML Configuration" block. And fill the form with the following data:

When you are ready, click on "Save" button.

8. Now you need to configure attribute mapping. Click on "Edit" button in "User Attributes & Claims" section and for "Required claim" set Name ID format to persistent and Name ID value to user.mail.

Also, add two new claims:

• fname: user.givenname

• lname: user.surname

9. Now, you are ready to set up SSO on the Qase side. But at first, you need to get data from the AzureAD app:

1. Download the certificate (Base64)

2. Copy Login URL

3. Copy Azure AD identifier

• SAML Sign-in URL: paste login URL from the previous step

• Identity Provider Issuer: paste Azure AD identifier from the previous step

• Key x509 Certificate: open downloaded in the previous certificate in any editor, copy its content, and paste in the textarea.

• Domains*: provide a list of domains separated by a comma, that will be used for SSO. Public domains like gmail, hotmail, and etc are not allowed. *This step is mandatory.

Any domains that are added will need to be verified. To do so, you will need to add a TXT record to the domain's DNS records.

• Default role: choose a default role that will be granted to the new users.

If you want new users who join your team to become a read-only by default, check "Automatically add new users as read-only members" checkbox.

After the form is filled, click on the "Save" button.