Ideagen Luminate logo Ideagen Luminate logo
Navigation
Need help?
Send feedback
Sign in
This page does not meet FedRAMP security standards. Please avoid entering sensitive or classified information. Learn more
Learn more
Learn more

Looking for help?

Common queries

View all

Send us feedback

Megaphone illustration

Before you start

This form is for Ideagen Luminate feedback only. Your submission will not receive a response.

Looking for support? Select the solution you need help with and open a ticket with us.
New article Recently updated

[Example] Configuring Microsoft Entra ID for Single Sign-On (SSO)

By Alan Blair
  • Last updated
⌘ K
Search this article
Print this article
Who is this article for?

IT Administrators implementing Single Sign-On (SSO).

IQM v7.4 and IQM Mobile v2.4.0 are required.

Ideagen Quality Management Single Sign-On (SSO) allows end users to authenticate with Windows and Web clients via Single Sign-On with Microsoft Entra ID.

This article outlines the steps required to configure Microsoft Entra for Ideagen Quality Management Single Sign-On (SSO).

We do not directly support the Entra ID. These steps are provided as a guide only to assist in the configuration. Before you begin please ensure your Ideagen Quality Management is using SSL for secure connections.

1. Creating a scope

In version 7.6.1 and above, you will be asked to enter Scope information into the system when configuring the Single Sign-On options.

Below is a table listing the different scopes for different parts of the application.

Application openid email profile userinfo offline_access User.Read
Web  
Windows Client            
Mobile    
Scopes are case sensitive and need to be separated by a space when entered into the system (e.g. openid email profile)

2. Entra Portal app registration

In order for Single Sign-On (SSO) to work you will need to configure a Redirect URL via the Microsoft Entra Portal's App Registration.

The Redirect URL / Reply URL must be configured with the address where the authorised server sends the user when the app has successfully authorised access and granted an access token.

Important
All URLs and URIs are case sensitive.

3. Creating a new app

To create a new app:

  1. Log in to the Entra Portal and go to App Registration.
  2. Click New Registration.
  3. Give the registration a clear name (e.g. QP7SSO).

1167d7f9-e91a-4115-bf4b-cc5877ac49a5.png

4. Creating client secrets

To create client secrets:

  1. Open the new application registration created.
  2. Click on Certificates & Secrets.
  3. Click New Client Secret.

9ae191db-702b-4ff0-9b7f-98dc9056f50f.png

  1. Enter a new client secret.
  2. Copy the client secret value (this is needed later in the Ideagen Quality Management configuration).

5. Adding API permissions

To add permissions:

  1. Open the new application registration created.
  2. Click on API Permissions.
  3. Click Add Permission.
  4. In Request API Permissions , add:
      • email
      • profile

8ba70c8c-b7e8-42d1-b8e6-c6a9f8f43797.png

  1. Click Add Permissions.
Important
Admin consent must be granted otherwise the users won’t be able to access email and profile graph endpoints within an Entra ID tenant.

6. Adding ID and Access Token

To add ID and Access Token:

  1. Open the new application registration created.
  2. Click on Token Configuration.
  3. Click Add Optional Claim.
  4. In Add Optional Claim, select the token type as ID.
  5. Add the following claims:
      • acct
      • email
      • family_name
      • given_name
      • Preferred_username

6ab5af76-82ca-44f5-9d1c-14c513a6c4e5.png

  1. Click Add.
  2. Click Add Optional Claim again.
  3. In Add Optional Claim, select the token type as Access.
  4. Add the following claims:
      • acct
      • email
      • family_name
      • given_name
      • Preferred_username

6ab5af76-82ca-44f5-9d1c-14c513a6c4e5.png

  1. Click Add.

Notice you will have a set of ID token claims and a set of Access token claims.

ac114291-cedc-4055-b624-e95f4014aaba.png

7. Adding redirect URL to authentication

7.1.1. Add Web Platform

To add a Web Platform:

  1. Open the new application registration created.
  2. Click on Authentication.
  3. Click Add a Platform.
  4. Select Web as the Platform type.

7bfdb5e2-bd93-41a1-9c82-c9c57c9b7522.png

  1. Set the Redirect URI to the URL of your Web interface.
    It should look like https://servername/QPulse/.

7a12f9f7-a966-473c-b0cb-2e5d76711416.png

  1. Select Access tokens (used for implicit flows).
  2. Select ID tokens (used for implicit and hybrid flows).
  3. Click Configure.
  4. Click Add a Platform.
  5. Click Mobile and Desktop applications.

  1. Enter the custom redirect in the format of ms-appx-web://Microsoft.AAD.BrokerPlugin/<ClientID>.
  2. Go to Mobile and Desktop Applications.
  3. Find the Redirect URIs section.
  4. Click Add URI.
  5. Enter qpulsemobile://auth/.
Example
ms-appx-web://Microsoft.AAD.BrokerPlugin/2afe572e-d268-4c77-a22d-fdca617e2255.
Important
If you use multiple Ideagen Quality Management databases then additional configuration will be required to support each database. Please see the steps below.

7.1.2. Multiple Ideagen Quality Management Databases

To add additional databases:

  1. Find the Redirect URIs section.
  2. Click Add URI.
  3. Enter the URL for each database configured in your system.

Example

  • https://live.servername/Qpulse/
  • https://training.servername/Qpulse/
  • https://uat.servernameQpulse/
  1. Click Save.

18f2f217-dd1f-4666-8e53-0557f3aaa610.png

7.2.1. Add Single Page Application Platform

To add a platform:

  1. Click Add a Platform.
  2. Select Single Page Application.
  3. Enter the Redirect URL as the Web interface URL (in the Configure Single-Page Application section).

07e45728-ec60-4159-b0e8-3d172ea59570.png

Example
https://servername/QPulse/Authenticate.aspx
Important
If you use multiple Ideagen Quality Management databases then additional configuration will be required to support each database. Please see the steps below. Please also bare in mind that this is CASE SENSITIVE which the examples showcase.

7.2.2. Multiple Ideagen Quality Management Databases

To add additional databases:

  1. Find the Redirect URIs section.
  2. Click Add URI.
  3. Enter the URL for each database configured in your system.

Example

  • https://live.servername/QPulse/Authenticate.aspx
  • https://training.servername/QPulse/Authenticate.aspx
  • https://uat.servername/QPulse/Authenticate.aspx
  1. Click Save.

0843ae21-ac43-4953-be9f-3d08d8f95f12.png

What do you think about this article?

Your feedback helps us improve

More articles in this section

Looking for more help? Ask the Community

On this page