This topic refers to functionality that is only available to accounts on the Business-level or above plans. If you do not see the functionality described here, either your account or realm has not been configured to show it, or your account is not on one of those plans. |
Configuring your Identity Provider (IdP) for SAML
To enable single sign-on (SSO) to Quickbase, you must first configure an IdP that can communicate with your corporate access system using SAML 2.0. The IdP's purpose is to securely maintain user identity information and authenticate users through the corporate access system.
The following diagram shows what occurs when a user attempts to log in to Quickbase with SAML authentication.
When a user attempts to access Quickbase and is not yet authenticated, Quickbase sends an authentication request (AuthnRequest) to the Identity Provider. This request contains:
-
Issuer – urn:oasis:names:tc:SAML:2.0:assertion
-
Destination – The single sign-on URL on the Identity Provider side
-
AssertionConsumerService – The URL of the Quickbase service that communicates with the Identity Provider (https://<realmhostname>.quickbase.com/saml/SSOAssert.aspx)
If the user is a valid user, the Identity Provider sends back an XML response called the SAML assertion that positively identifies the user. Otherwise, an error message provided by the IdP displays for the user.