Who is this article for?

Users experiencing these error.

Administrator permissions are required to resolve some issues.

This article explains some common authentication issues you might come across in Ideagen Quality Management and outlines how to resolve them.

1. Remembering credentials for e-signature

1.1. Issue

When users sign a document, they are asked for credentials even though Single Sign-On (SSO) is enabled for their organisation.

1.2. Resolution

To resolve the issue, enable the SSO credentials for Electronic Signatures feature. This feature means users won’t have to enter their full authentication details every time they use electronic signing if they log in with SSO. Once enabled:

• Users only need to enter their password or MFA key instead of full credentials.
• Only the first e-signing per session requires full credentials.
• Subsequent signings are quicker and easier.

To enable this feature:

1. Go to the Administration module.
2. Open the Single Sign-On section.
3. Tick the Remember credentials for Electronic Signing box.

This helps keep you compliant with electronic signature rules while speeding up the acknowledgement process and reducing document backlogs.

2. "Web client secret value incorrect" error

2.1. Issue

Users trying to access the web version of Ideagen Quality Management may see the error below.

This usually happens when the web client secret value has expired. This value is set in the SSO settings within your Ideagen Quality Management application.

2.2. Resolution

To resolve the issue:

1. Obtain a new client secret code.

2. Open the Administration Module.

3. Go to the Security section.
4. Select Settings and Defaults.
5. Choose Authentication.
6. Select Authentication and Security.
7. Click on Single Sign-On Options.

---

3. "The request body must contain the following parameter: 'scope'" error

3.1. Issue

When users enable SSO and try to log in, they may receive an error preventing access to Ideagen Quality Management: "AADSTS900144: The request body must contain the following parameter: 'scope'".
 

 

This error occurs when scope details are missing from the SSO configuration page in the Ideagen Quality Management Windows client. Please enter the correct scope values as per your SSO setup.

3.2. Resolution

To resolve the issue:

1. Go to the Administration module.
2. Select Security.
3. Select Settings & Defaults.
4. Open Authentication.
5. Click Edit.
6. Go to Authentication & Security.
7. Access Single Sign-On Options.
   These values are case sensitive and should be separated by spaces (e.g. openid email profile).
8. Enter the appropriate Scope values as shown below.
9. Click Save.

Application	Scope value
Web	openid email profile offline_access User.Read
Windows client
Mobile	openid email profile offline_access

---

4. "Azure SSO GraphEndpoint is empty or invalid" error

4.1. Issue

Users accessing the web version of Ideagen Quality Management might see the error below.

4.2. Resolution

To resolve the issue:

1. Go to the Administration module.
2. Select Settings & Defaults.
3. Choose Authentication and Security.
4. Click Edit.
5. Update the Graph Endpoint to https://graph.microsoft.com/v1.0/me.

6. Click Save.

---

Further reading

• Getting started with Single Sign-On (SSO)
• Overview of Single Sign-On (SSO)
• Configuring Single Sign-On (SSO)