Single Sign-On Settings

Single sign-on (SSO) is managed from the Single Sign-On Settings page (Administration > Application Settings > Single Sign-On).

Note: These settings are only available to users assigned the Manage Single Sign-On Settings application permission. Your Single Sign-On page view may differ if you have SSO enabled.

Tip: To improve security, you can hide the URL in the query string parameter by using the SSOWebServiceCallback Global settings. This allows administrators to define the parameters of an SSO URL, so that users are redirected to the desired URL once they log into Qvidian via SSO. To hide the URL in the query string parameter, locate the SSOWebServiceCallback Global settings and enter the URL that the user will be redirected to after performing the QPA SSC. The default value is blank. If you have further questions, contact customer support or professional services.

Configure Upland Qvidian for SSO

Configure SSO settings

  1. Go to Administration > Application Settings > Single Sign-On.
  2. Note: The Authentication Mode setting is set by the service provider. If you need to modify this setting, please contact Upland Qvidian Support.

  3. Under User Settings, select the radio button next to one of the Enable New User Provisioning? options below.
    • Yes: SSO will automatically provision new users into Upland Qvidian, including setting any Upland Qvidian user properties and role memberships as specified by the customer’s SSO values, within the bounds of the remaining SSO settings.
    • No: Users must already have Upland Qvidian user accounts to connect.
  4. Select the radio button next to one of the Enable SP-Initiated Single Logout? options below.
    • Yes: When the user logs out of Upland Qvidian, they are automatically logged out of the SP. This ensures that users must log in each time they exit and return to Upland Qvidian.
    • No: When the user logs out of Upland Qvidian, it does not log them out of the SP. This may allow users who have previously logged in to Upland Qvidian to open it without providing their credentials.
  5. Select the radio button next to one of the Manage Existing User Properties? options below.
    • Yes: For existing Upland Qvidian users, every time the user connects, the user property updates specified by the customer’s SSO authority will be applied.
    • No: For existing Upland Qvidian users, the user properties will not update in Upland Qvidian.
  6. Select the radio button next to one of the Manage Existing User Roles? options below.
    • Yes: For existing Upland Qvidian users, every time the user connects, Upland Qvidian role memberships will be updated based on group membership specified by the customer’s SSO authority within the bounds of the other SSO settings for Upland Qvidian roles management.
    • No: For existing Upland Qvidian users, Upland Qvidian role memberships will not be updated regardless of group memberships specified by the customer’s SSO value.

Specify User Group / QPA Role Settings

These fields are only applicable to SSO subscribers.

  1. In the Default QPA User Roles field, enter the default QPA (Qvidian) user roles to use when creating and updating users if no mapped user roles can be identified. Separate multiple groups with a vertical bar (|).
  2. In the Authorized User Groups field, enter the customer user groups of which a user must be a member to access Upland Qvidian. The authorized user group name is case sensitive. Separate multiple groups with a vertical bar (|). If unspecified, the authorized group membership check is not performed. If specified, the user connecting to Upland Qvidian must be a member of at least one of the specified customer groups or their connection will be rejected.
  3. In the User Group Keys Delimiter field, enter the delimiter (a string or character) used to split the list of customer-specified user groups when mapping customer user groups to Upland Qvidian user roles. The list of customer groups that the user is a member of is provided by the customer’s SSO authority in the Groups attribute of the user connection’s SSO assertion. If left empty, the default delimiter is a vertical bar (|).

Add a new user group and QPA role mapping

  1. Click Add. The New User Group/ QPA Role Mapping dialog box displays.
  2. Enter the name of the User Group. This setting will display in the web.config file.
  3. Enter a Description of the mapping. This description will display in the web.config file.
  4. Enter one or more QPA Roles, separated by a vertical bar (for example, Role1|Role2|Role3).
  5. Click Save. The setting displays on the grid.
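
The following added example (not Upland Qvidian code) models how the Authorized User Groups, User Group Keys Delimiter, group-to-role mappings and Default QPA User Roles settings combine for one connection, as this page describes them. The function names, the sample groups and roles, exact-match mapping lookup and the absence of whitespace trimming are assumptions.

```python
# Added illustration: models the settings as this page describes them.
# Not Upland Qvidian code; exact-match mapping lookup and no whitespace
# trimming are assumptions.

def split_bar(value):
    """Split a vertical-bar separated setting, ignoring empty entries."""
    return [item for item in value.split("|") if item]


def resolve_access(groups_attr, authorized_groups="", delimiter="",
                   mappings=None, default_roles=""):
    """Return (allowed, roles) for one SSO connection.

    groups_attr       -- raw value of the assertion's Groups attribute
    authorized_groups -- Authorized User Groups setting ("" = no check)
    delimiter         -- User Group Keys Delimiter ("" = default "|")
    mappings          -- {user group: "Role1|Role2"} from the mapping grid
    default_roles     -- Default QPA User Roles setting
    """
    user_groups = [g for g in groups_attr.split(delimiter or "|") if g]

    required = split_bar(authorized_groups)
    # Case-sensitive comparison, as the page states for authorized groups.
    if required and not set(required) & set(user_groups):
        return False, []

    roles = []
    for group in user_groups:
        for role in split_bar((mappings or {}).get(group, "")):
            if role not in roles:
                roles.append(role)

    # Fall back to the defaults only when no mapped role was identified.
    return True, roles or split_bar(default_roles)


# Constructed sample configuration and Groups values.
MAPPINGS = {"Proposal-Writers": "Author|Reviewer", "Sales": "Reader"}


def demo():
    return [
        resolve_access("Sales;Proposal-Writers", "Sales|Proposal-Writers",
                       ";", MAPPINGS, "Reader"),
        resolve_access("sales", "Sales", "", MAPPINGS, "Reader"),    # case mismatch
        resolve_access("Contractors", "", "", MAPPINGS, "Reader"),  # no check set
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In this model, the third case is the one to review in a real configuration: with Authorized User Groups left empty, a user in no mapped group is still admitted and receives the default roles.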

Modify an existing mapping

  1. Select the mapping and click More. The Modifying User Group/ QPA Role Mapping dialog box displays.
  2. Edit the user group name, description or roles.
  3. Click Save.

Delete a mapping

  • Select the mapping and then click Delete. You are prompted to confirm the deletion. The settings are removed from the grid and, consequently, from the web.config file.