Single Sign-On | INTERMEDIATE
Many organizations have a corporate access system that enables users to access multiple secure directories using only their network login. This avoids users having to sign-in each time with a different login on a variety of software tools the organization uses. Quick Base has readily available technology that can allow users to use their network login to gain access via Single Sign-On (SSO).
EDITORS NOTE: This topic refers to functionality that is only available to accounts on the Quick Base Platform or Quick Base Unlimited plans. You can check this functionality under Account Admin > Account Info. If you do not see the functionality described here, either your account realm has not been configured to show it, or your account is not on one of these plans.
Here are a few reasons to get on board with Single Sign-On through Quick Base:
✓ Easy Account Administration – Since user authentication information is in your organization’s central directory, Quick Base Account Administrators don’t need to spend time managing users who have changed status.
✓ Simplified Application Access – Users can use the same username and password they do to access other corporate resources. Simplifying the log-in process can increase user adoption – making it easier for application administrators to create successful apps.
✓ Security Compliance – Many IT departments require SSO solutions in order to establish consistent password policies and centrally administer access credentials with vendors.
✓ Protocol Support – Use your corporate directory to share credential information with Quick Base in the protocol of your choice. Quick Base supports SAML 2.0 and LDAP integrations.
EDITORS NOTE: You can still use Quick Base roles and permissions to limit user access and capabilities within the realm.
Requesting Single Sign-On to be Implemented:
To initiate implementation of SSO, you will first have to create a support ticket in Quick Base:
- Select the ? on the upper-right hand of your screen.
- Then select Manage Support Cases
- Next, click the +New Support Case button.
- Fill out the form requesting Single Sign On to be enabled. Then select Create Case
Once you have submitted your request to implement Single Sign-On, a Quick Base Account Executive or Customer Success Manger representative will respond to your case and help you through the process. You will be provided a form entitled, Quick Base SAML Implementation Form, which will highlight what is needed from you or the IT/Technical Lead within your organization.
What Quick Base Needs from you:
✓ Entity ID – This identifies the asset/Realm you are trying to access. (Required; this typically your realm URL)
✓ Login URL – This is the URL used by Quick Base to redirect the user to the client company login portal. (Required)
✓ Logout URL – The URL that the User Agent is redirected to upon Quick Base log out. (Optional)
✓ Provider Name – How Quick Base will be identified in your IdP logs, for example, “Quick Base”. (Optional)
✓ Support URL, Text for support link – A link name and URL that will allow your employees to report errors related to single sign-on to your IT department. (Optional)
✓ Public Certificate – The Identity Provider’s X509 Authentication certificate that is used to sign the SAML assertion before sending it to Quick Base. (Required)
Once the required information above is provided to Quick Base, your Quick Base Account Executive or Customer Success Representative will pass this information along to their Tier 2 Support Team.
Here are some expectations of next steps that will come from the Tier 2 Support Team:
- A test realm of your app will be automatically created.
- The tier 2 support representative will review all the required/optional items – Entity ID (Required), Login URL (Required), Logout URL (Optional), Provider Name (Optional), Support URL (Optional), and Public Certificate (Required)
- The following claim rules will be reviewed with the IT/Technical Lead – NameID, FirstName, LastName, EmailAddress, and X509 Public Certification File.
EDITORS NOTE: Keep in mind Attribute/Claim Rules (Listed in step 4) are formatted as such, this format is case sensitive without spaces.
Once the claim rules have been formatted correctly and confirmed, you will be able to use the test URL that was provided from your Tier 2 Support Representative to test the SSO functionality. In the case of an issue, your Tier 2 Support representative will walk you or the IT/Technical Lead in troubleshooting any issues that may arise.
✓ Application Error. This is mostly due to the Claim Names not being formatted correctly such EmailAddress or FirstName and LastName. Remember, these are case sensitive with no spacing and need to be formatted exactly the way Quick Base shows on the Quick Base SAML Implementation Form.
✓ A User is unable to login via SSO – Receives a message from Quick Base, “Not an Authorized User.” This tends to be caused by not having their network email address match the email address used in Quick Base for that particular user. You will want to ensure all users have the correct email address via single sign-on and what is registered on Quick Base.
Another important aspect of user management is managing your licenses and access for your current team. Click here to read more about setting how to deny user access.
- Author: Alex Skudrovskis (firstname.lastname@example.org))
- Date Submitted: 5/9/2019