Single sign-on is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.
As we highly value security in all of our operations, we decided to make SSO available for all AlisQI customers free of charge!
This article explains how to configure single sign-on for AlisQI with MS Azure AD.
Other directories should work just fine, as long as they support SAML 2.
AlisQI encourages the use of single sign-on for security and convenience. If you wish to enable this feature, please contact [email protected].
AlisQI supports single sign-on based on SAML 2.
In SAML terms, your user directory (e.g., Azure Active Directory) will fulfill the role of Identity Provider (IdP), while AlisQI is the Service Provider (SP).
Without SSO, AlisQI users are identified by a username and a password. Email addresses are optional.
With SSO enabled, users are identified by their email addresses. Since the username and password fields are obsolete, they will be deactivated when going live with SSO.
Before SSO can be enabled, all users must have a valid email address. Note that these must exactly match those in your user directory!
This article covers the steps for setting up Microsoft Azure Active Directory, since most of our customers use it.
Before you start configuring SSO in Azure, you need to download the metadata of the AlisQI SP. You can find the link in the application settings screen. Clicking it will automatically download the XML file.
Open your Azure AD portal
Choose Manage / Enterprise applications from the menu
Add a new application
Click "Create your own application"
In the application overview, open single sign-on settings and then select SAML
Upload the AlisQI metadata you downloaded earlier
A popup "Basic SAML Configuration" will open. You don't need to make any changes, so just hit Save and close the popup.
A second popup will ask whether you wish to test single sign-on. This won't work yet, so just close it.
Edit the User Attributes & Claims, and set Unique User Identifier to user.mail.
Copy the App Federation Metadata Url and send it to AlisQI support.
You must specifically allow users to access AlisQI by adding them to the Users and groups menu in the application overview.
Optionally, you can add the AlisQI logo in the properties screen to make the application more recognizable to your users.
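Because usernames and passwords are deactivated at go-live and the identifier sent by Azure is user.mail, any account whose email does not exactly match the directory loses access. The script below is an added example, not part of AlisQI or Azure tooling, that compares two CSV exports before go-live. The CSV layouts, column names and sample rows are constructed assumptions, and it treats differences in case or whitespace as mismatches to fix.

```python
import csv
import io

# Constructed sample exports; file layout and column names are assumptions.
ALISQI_CSV = """username,email
jdoe,j.doe@example.com
asmith,A.Smith@example.com
bnoemail,
kline, k.line@example.com
dup1,shared@example.com
dup2,shared@example.com
former,old.user@example.com
"""
# Directory side: the value of the mail attribute per user (constructed).
DIRECTORY_CSV = """displayName,mail
John Doe,j.doe@example.com
Anna Smith,a.smith@example.com
Karl Line,k.line@example.com
Shared Box,shared@example.com
"""

def preflight(alisqi_csv, directory_csv):
    """Classify each AlisQI account by how its email compares to the directory."""
    rows = csv.DictReader(io.StringIO(directory_csv))
    directory = {(r.get("mail") or "") for r in rows} - {""}
    normalized = {m.strip().casefold() for m in directory}
    report = {k: [] for k in ("ok", "missing_email", "duplicate",
                              "near_match", "not_in_directory")}
    seen = set()
    for row in csv.DictReader(io.StringIO(alisqi_csv)):
        user, email = row["username"], row.get("email") or ""
        key = email.strip().casefold()
        if not key:
            report["missing_email"].append(user)     # cannot be identified via SSO
        elif key in seen:
            report["duplicate"].append(user)         # two accounts, one identity
        elif email in directory:
            report["ok"].append(user)                # exact match
        elif key in normalized:
            report["near_match"].append(user)        # differs by case or whitespace
        else:
            report["not_in_directory"].append(user)  # no directory user with this mail
        seen.add(key)
    return report

if __name__ == "__main__":
    for category, users in preflight(ALISQI_CSV, DIRECTORY_CSV).items():
        print(f"{category}: {users}")
```

Every category other than ok should be empty before SSO is switched on.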