NOTE: This is Identity Provider (IdP) initiated SSO, not Service Provider (SP) initiated SSO. This means the request carrying the SAML assertion must come from your server. Simply clicking the SAML link will not authenticate you, since the SAML assertion would not be included in that request.
SAML SSO vs Basic Authentication
The SAML SSO login standard also has these significant advantages over standard login:
- No need to type in credentials
- No need to remember and renew passwords
- No weak passwords
SAML Identity Provider Setup
- Create x509 Private Key Pair
- Create SAML link
SAML Link Attributes
SAML Version: 2.0
Message Signing: Assertion Only
Signature Method: SHA256
Name Identifier: Email Address
x509 Private Key Pair: assign the key pair created in the step above
Assertion URL: see section below
Service Provider Metadata URL: see section below
eQuest-Side Configuration
You will need access to the eQuest admin tool to:
- Enable SSO
- Access the Assertion & Metadata URLs
- Configure the public key
While in eQuest admin, navigate to Advanced Settings and select "Saml SSO Configuration".
Here you can get the Entity Id, Assertion Url and Metadata Url.
eQuest SAML Setup
- Check "Enable SSO" box
- Click the “From cert ... ” button in the Fingerprint field
- Paste in the public certificate (complete with the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines)
- Select "Get Key" — after saving, the certificate will be converted into your Fingerprint
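The "Get Key" step above turns the pasted certificate into a fingerprint. The following Python is an added example, not eQuest's own code or tooling: it shows what that conversion does (decode the PEM armour to DER, hash the DER bytes) so you can compute the same fingerprint locally and confirm that the value eQuest displays belongs to the certificate you intended to upload. The certificate bytes here are a constructed stand-in, not a real certificate; the functions work unchanged on a real PEM file.

```python
import base64
import hashlib
import re

# Constructed stand-in for a DER-encoded certificate. A real certificate is the
# DER bytes inside the PEM armour; any byte string demonstrates the computation.
CONSTRUCTED_DER = bytes(range(0, 64)) * 2

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armour with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (
        "-----BEGIN CERTIFICATE-----\n"
        + "\n".join(lines)
        + "\n-----END CERTIFICATE-----\n"
    )


def pem_to_der(pem: str) -> bytes:
    """Extract and base64-decode the first CERTIFICATE block.

    Rejects input that lacks the BEGIN/END lines, which is the usual reason a
    paste into the Fingerprint field fails.
    """
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no -----BEGIN/END CERTIFICATE----- block found")
    body = re.sub(r"\s+", "", m.group(1))  # tolerate CRLF and stray spaces
    return base64.b64decode(body, validate=True)


def fingerprint(pem: str, algo: str = "sha256") -> str:
    """Hex digest of the DER bytes, upper-case and colon-separated, the form
    most IdP/SP consoles display."""
    digest = hashlib.new(algo, pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(pem: str, displayed: str, algo: str = "sha256") -> bool:
    """Compare a console-displayed fingerprint with one computed from the
    certificate, ignoring case and separators ('ab:cd' == 'ABCD')."""
    def norm(s: str) -> str:
        return re.sub(r"[^0-9a-fA-F]", "", s).upper()
    return norm(fingerprint(pem, algo)) == norm(displayed)


if __name__ == "__main__":
    pem = der_to_pem(CONSTRUCTED_DER)
    print("SHA-1  :", fingerprint(pem, "sha1"))
    print("SHA-256:", fingerprint(pem))
```

Run it against your real certificate by replacing `pem` with the file contents; compare both the SHA-1 and SHA-256 forms, since consoles differ in which they show.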
eQuest Admin Account Setup
You will need eQuest admin accounts for each individual that will require admin access.
NOTE: The email address is the key, as it is the identifier used for SAML authentication.
Verify that the "Account Email" in the Admin account profile matches the email address that eQuest will receive as the Name Identifier in the SAML request.
Account Email field within Admin Account Profile (used in the SAML authentication)
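The SAML Link Attributes section above fixes what the assertion must carry (SAML 2.0, signature on the assertion only, SHA256 signature method, email address as Name Identifier, the Assertion URL as recipient, the Entity Id as audience) and this section adds that the Name Identifier must equal an admin account's Account Email. The Python below is an added example, not eQuest's code: it parses a constructed SAML Response with the standard library and reports which of those requirements are not met, which is a quick way to debug a link that redirects but does not log you in. It only checks structure; it does not verify the XML signature cryptographically, which eQuest does with the fingerprint you configured. The Entity Id and Assertion URL values are placeholders for the ones shown on the "Saml SSO Configuration" page.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Placeholders: take the real values from eQuest admin > Saml SSO Configuration.
EXPECTED_AUDIENCE = "https://PLACEHOLDER-entity-id.example"
EXPECTED_RECIPIENT = "https://PLACEHOLDER-assertion-url.example/saml/acs"

# Constructed sample response. A real one carries a complete ds:Signature
# (canonicalization, digest, KeyInfo); only the fields read below are filled in.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_resp1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z" Destination="{EXPECTED_RECIPIENT}">
  <saml:Issuer>https://idp.example/idp</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example/idp</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:SignatureMethod Algorithm="{RSA_SHA256}"/>
        <ds:Reference URI="#_a1"/>
      </ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">admin@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{EXPECTED_RECIPIENT}"
            NotOnOrAfter="2024-01-01T00:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def parse_time(s: str) -> datetime:
    """SAML timestamps are UTC in the form 2024-01-01T00:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_response(xml_text, admin_emails, now,
                   audience=EXPECTED_AUDIENCE, recipient=EXPECTED_RECIPIENT):
    """Return a list of problems; an empty list means every structural check passed."""
    problems = []
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    a = assertions[0]

    # Message Signing = "Assertion Only": ds:Signature is a child of the Assertion,
    # uses rsa-sha256, and its Reference points at the Assertion's own ID.
    sig = a.find("ds:Signature", NS)
    if sig is None:
        problems.append("Assertion is not signed")
    else:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None or method.get("Algorithm") != RSA_SHA256:
            problems.append("SignatureMethod is not rsa-sha256")
        ref = sig.find("ds:SignedInfo/ds:Reference", NS)
        if ref is None or ref.get("URI") != "#" + a.get("ID", ""):
            problems.append("Signature Reference does not point at the Assertion ID")

    # Name Identifier = Email Address, and it must equal an admin Account Email.
    nameid = a.find("saml:Subject/saml:NameID", NS)
    if nameid is None or nameid.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is missing or not in emailAddress format")
    else:
        email = (nameid.text or "").strip().lower()
        if email not in {e.strip().lower() for e in admin_emails}:
            problems.append(f"NameID {email!r} matches no eQuest admin Account Email")

    # Recipient must be the Assertion URL; Audience must be the Entity Id.
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != recipient:
        problems.append("SubjectConfirmationData Recipient is not the Assertion URL")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        problems.append("Conditions element missing")
    else:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if (nb and now < parse_time(nb)) or (na and now >= parse_time(na)):
            problems.append("assertion validity window does not include now")
        aud = cond.find("saml:AudienceRestriction/saml:Audience", NS)
        if aud is None or (aud.text or "").strip() != audience:
            problems.append("Audience is not the eQuest Entity Id")
    return problems


if __name__ == "__main__":
    now = parse_time("2024-01-01T00:01:00Z")
    print(check_response(SAMPLE_RESPONSE, ["Admin@example.com"], now) or "all checks passed")
```

To use it on a real link, base64-decode the `SAMLResponse` form field your server posts and pass the XML in place of `SAMPLE_RESPONSE`, with `now` set to `datetime.now(timezone.utc)` and `admin_emails` the Account Email values from your eQuest admin accounts.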
Verify the SAML Connection
Once everything is configured as outlined above, you should be able to connect to eQuest admin via the SAML link within your application.
Testing vs Production
If you need to configure SAML in the eQuest testing environment as well, be aware that the Assertion and Metadata URLs are specific to each environment.