Ideagen Luminate logo Ideagen Luminate logo
Navigation
Need help?
Send feedback
Sign in
This page does not meet FedRAMP security standards. Please avoid entering sensitive or classified information. Learn more
Learn more
Learn more

Looking for help?

Common queries

View all

Send us feedback

Megaphone illustration

Before you start

This form is for Ideagen Luminate feedback only. Your submission will not receive a response.

Looking for support? Select the solution you need help with and open a ticket with us.
New article Recently updated

Configuring Single Sign-On (SSO)

By Alan Blair
  • Last updated
⌘ K
Search this article
Print this article
Who is this article for?

IT Personnel implementing SSO for authentication.

Access to your SSO provider settings and admin access is needed.

Single Sign-On (SSO) is an authentication process that allows a user to access multiple applications or services with one set of login credentials. SSO enhances user convenience by reducing the need to remember multiple passwords and improves security by minimising the number of times passwords are entered, thereby reducing the risk of phishing attacks. It’s commonly used in both enterprise environments and consumer services to streamline the user experience and strengthen security protocols.

This article outlines the steps required to configure Ideagen Quality Management to use your Single Sign-On (SSO) service provider.

1. Configuring the Identity Provider

Your Single Sign-On (SSO) service provider must be configured before you can configure Ideagen Quality Management to use it for SSO authentication.

During this process you will configure the URLs required as well as the authentication tokens needed. The essential IDs will then be required to configure the Ideagen Quality Management web.config files.

The configuration of your provider is not directly supported by Ideagen. However, for the purpose of demonstration please see:

2. Configuring the connection

The steps to configure Single Sign-On (SSO) will vary depending on the version of Quality Management you are using:

2.1. Ideagen Quality Management 7.4 (or higher)

To configure SSO:

  1. Launch the Administration module.
  2. Navigate to the Security section.
  3. Select Settings and Defaults.
  4. Click Edit in the Authentication section.
  5. Browse to the Single Sign-On Options section.
  6. Enable Single Sign-On (SSO).
  7. Select the Identity Client Type:
      • Entra
      • PingOne
      • Okta

PingOne requires WebView2 runtime to be installed. PingOne Single Sign-On (SSO) cannot be tested on Windows Server 2016 and must be tested from a client machine.

  1. Enter the required SSO details.
  2. Click OK.
Each identity Provider requires a specific Scope setup for each part of the application. Refer to the specific example configuration article for your chosen Identity Provider to configure it for your organisation!

2.2. Ideagen Quality Management 7.3

To configure SSO:

  1. Launch the Administration module.
  2. Navigate to the Security section.
  3. Select Settings and Defaults.
  4. Click Edit in the Authentication section.
  5. Browse to the Single Sign-On Options section.
  6. Enter the SSO details.
  7. Click OK.

2.3. Ideagen Quality Management 7.2 Only

To configure SSO:

  1. Browse to the Ideagen Quality Management web directory. By default this will be C:\inetpub\wwwroot\.
  2. Open the qpulsedataportal folder.
  3. Open the web.config.
  4. Locate the GraphEndpoint tag.
  5. Remove any comment tags and update the endpoint with the path of your Single Sign-On (SSO) provider.
<add key="GraphEndpoint" value="https://graph.microsoft.com/v1.0/me"/>
<add key="Authority" value="https://login.microsoftonline.com/{TenantID}"/>
<add key="WebClientId" value="{WebClientID}"/>
<add key="IdentityClientType" value="AzureAD" />
<add key="SSOScope" value="" />
  1. Update the following items:
      • Authority: The URL of your SSO provider (including your Directory (tenant) ID).
      • WebClientID: The application client ID (as generated in your SSO provider configuration).
      • IdentityClientType: The type of your identity provider.
      • SSOScope: The default value is empty which will default to scope=user.
  1. Save the web.config.
  2. Browse to the C:\intetpub\wwwroot\qpulse folder.
  3. Open the web.config.
  4. Locate the GraphEndpoint tag.
  5. Remove any comment tags and update the endpoint with the path of your Single Sign-On (SSO) provider.
<add key="GraphEndpoint" value="https://graph.microsoft.com/v1.0/me"/>
<add key="SSOUrl" value="https://login.microsoftonline.com/{TenantID}/v2.0/"/>
<add key="SSOTokenUrl" value="https://login.microsoftonline.com/{TenantID}/oauth2/v2.0/token"/>
<add key="WebClientId" value="{WebClientID}"/>
<add key="WebClientSecret" value="{WebClientSecret}"/>
<add key="RedirectUri" value="https://localhost/QPulse/"/>
  1. Update the following items:
      • SSOURL: The URL of your SSO provider (including your Directory (tenant) ID).
      • SSOTokenURL: The URL of your SSO token (including your Directory (tenant) ID).
      • WebClientID: The application client ID (as generated in your SSO provider configuration).
      • WebClientSecret: The web client secret (as generated in your provider configuration).
      • RedirectURL: The URL of your Ideagen Quality Management web interface.
  1. Save the web.config.

The steps to configure Single Sign-On (SSO) will vary depending on the version of Quality Management you are using:

2.1. Ideagen Quality Management 7.4 (or higher)

To configure SSO:

  1. Launch the Administration module.
  2. Navigate to the Security section.
  3. Select Settings and Defaults.
  4. Click Edit in the Authentication section.
  5. Browse to the Single Sign-On Options section.
  6. Enable Single Sign-On (SSO).
  7. Select the Identity Client Type:
      • Entra
      • PingOne
      • Okta

PingOne requires WebView2 runtime to be installed. PingOne Single Sign-On (SSO) cannot be tested on Windows Server 2016 and must be tested from a client machine.

  1. Enter the required SSO details.

SSOSettings.png

  1. Click OK.
Each identity Provider requires a specific Scope setup for each part of the application. Please refer to the specific example configuration article for your chosen Identity Provider for details.

2.2. Ideagen Quality Management 7.3

To configure SSO:

  1. Launch the Administration module.
  2. Navigate to the Security section.
  3. Select Settings and Defaults.
  4. Click Edit in the Authentication section.
  5. Browse to the Single Sign-On Options section.
  6. Enter the SSO details.

  1. Click OK.

2.3. Ideagen Quality Management 7.2

To configure SSO:

  1. Browse to the Ideagen Quality Management web directory.
    By default this will be C:\inetpub\wwwroot\.
  2. Open the qpulsedataportal folder.
  3. Open the web.config.
  4. Locate the GraphEndpoint tag.
  5. Remove any comment tags and update the endpoint with the path of your Single Sign-On (SSO) provider.
<add key="GraphEndpoint" value="https://graph.microsoft.com/v1.0/me"/>
<add key="Authority" value="https://login.microsoftonline.com/{TenantID}"/>
<add key="WebClientId" value="{WebClientID}"/>
<add key="IdentityClientType" value="AzureAD" />
<add key="SSOScope" value="" />
  1. Update the following items:
      • Authority: The URL of your SSO provider (including your Directory (tenant) ID).
      • WebClientID: The application client ID (as generated in your SSO provider configuration).
      • IdentityClientType: The type of your identity provider.
      • SSOScope: The default value is empty which will default to scope=user.
  1. Save the web.config.
  2. Browse to the C:\intetpub\wwwroot\qpulse folder.
  3. Open the web.config.
  4. Locate the GraphEndpoint tag.
  5. Remove any comment tags and update the endpoint with the path of your Single Sign-On (SSO) provider.
<add key="GraphEndpoint" value="https://graph.microsoft.com/v1.0/me"/>
<add key="SSOUrl" value="https://login.microsoftonline.com/{TenantID}/v2.0/"/>
<add key="SSOTokenUrl" value="https://login.microsoftonline.com/{TenantID}/oauth2/v2.0/token"/>
<add key="WebClientId" value="{WebClientID}"/>
<add key="WebClientSecret" value="{WebClientSecret}"/>
<add key="RedirectUri" value="https://localhost/QPulse/"/>
  1. Update the following items:
      • SSOURL: The URL of your SSO provider (including your Directory (tenant) ID).
      • SSOTokenURL: The URL of your SSO token (including your Directory (tenant) ID).
      • WebClientID: The application client ID (as generated in your SSO provider configuration).
      • WebClientSecret: The web client secret (as generated in your provider configuration).
      • RedirectURL: The URL of your Ideagen Quality Management web interface.
  1. Save the web.config.

3. Preparing users

It is important that your users are prepared for Single Sign-On (SSO). Preparation includes configuring all user accounts for Single Sign-On (SSO) and also making users aware of how to log in to Ideagen Quality Management.

3.1. Configuring users

Ideagen Quality Management users will connect to your provider using the User Principal Name (UPN) in their Ideagen Quality Management user record. 

This can be done in three ways:

  1. Manually update the users via the Ideagen Quality Management administration module.
  2. Perform a bulk update of all users using a Microsoft SQL Script.
  3. Automatically configure new users with a UPN when the account is created.

For more details in this process please see our guide to updating users with a UPN when switching to Single Sign On authentication.

Further reading

What do you think about this article?

Your feedback helps us improve

More articles in this section

Looking for more help? Ask the Community

On this page