This topic refers to functionality that is only available to accounts on the Business-level or above plans. If you do not see the functionality described here, either your account or realm has not been configured to show it, or your account is not on one of those plans.
As an alternative to configuring SAML within Quickbase, you may decide to contact Quickbase Customer Care to assist you.
Your organization’s IT department must first configure a SAML IdP that will communicate with your corporate access system, using the SAML assertion details required. Contact your Quickbase Account Executive, Customer Success Manager, or CARE if you need support.
Provide IdP details to Customer Care
When the IdP configuration is complete, contact Quickbase Customer Care to provide the following IdP details:
Entity ID* – This identifies the asset or realm you are trying to access. You should use your realm URL, for example entityID="https://samltest.quickbase.com".
Sign-in URL* – This URL is used by Quickbase to request authentication from the IdP (Destination in the AuthnRequest). It redirects the user to the client company's login page.
Sign-out URL – The URL that redirects the user to a web page after logging out of Quickbase.
Provider Name* – How Quickbase is identified in your IdP logs, for example Quickbase.
Support page URL* – A URL that redirects authentication issues to an internal IT tracking website.
Text for support link* – A name in your IT department that provides your employees with a point of contact to report SSO errors.
Public Certificate* – The Identity Provider’s X.509 authentication certificate used to sign the SAML assertion XML before sending it to Quickbase.
* indicates a required item
After Quickbase Customer Care receives your IdP information and before SSO SAML is pushed to your live production realm account, they perform the following steps to test the SSO SAML settings:
Customer Care schedules a call with you during the work week (Monday through Friday) to schedule a test to ensure that everything is working properly. Note: Customer Care requires 24 to 48 hours lead time to schedule the test. To test or implement changes during off hours, Customer Care can accommodate on a case by case basis.
Customer Care creates a test realm account environment to configure the SAML settings.
After a successful test on the test realm account, Customer Care implements the same setup on the live realm account.
Contact Quickbase Customer Care or your Sales Engineer to supply a list of the email domains registered with your company. Users provisioned or invited into your realm with email addresses matching the company's email domain are required to authenticate through SAML. If you have existing Quickbase users, verify that their email addresses in Quickbase match the email addresses sent by the SAML IdP.
Important: The first time a user authenticates using SAML, Quickbase searches for an exact email address match to determine who (Quickbase user) is signing in. The email address in Quickbase must match the one that the SAML lIdP sends.
If the email addresses don't match the email addresses sent by the SAML IdP (for example, firstname.lastname@example.org and email@example.com), Quickbase won't recognize the sign-inattempt from the existing user, and will create a new user who won't have access to any of the existing user's apps. Quickbase treats the user as a new user when they sign in, and all of their Quickbase history is lost.