Single Sign-On (SSO) Integration with Microsoft Azure Active Directory


This feature allows qTest users to log in to qTest with their SSO credentials. As a site administrator, you can configure and activate your SSO integration with Azure AD using the instructions below.

Important Announcement for new SSO Integrations

The qTest Manager SSO Service Provider (SP) uses an X.509 certificate to sign authentication requests and decrypt SAML assertions. As part of qTest Manager's security process, we update our SP certificate every 3 years in August. The current certificate expires September 9, 2019.

If you are using:

  • any version of qTest OnPremise that is 9.7.1 or earlier
  • and setting up an SSO integration for the very first time

You must update the SSL certificate in each Manager server before configuring your IdP.

Configuring qTest to your Identity Provider (IdP)

You will need to add your qTest instance as an application on your IdP. To begin, locate the URLs needed to configure the SAML application on qTest's SSO integration page.

Access qTest's SSO Integration Information

You will need the following URLs when configuring your IdP in the next steps.

  1. Log in to qTest, hover over your username, and select Administration.
  2. In Site Administration, select the Authentication tab.
  3. Select SSO from the "Authentication Systems" panel.
  4. The "Single Sign-On (SSO)" page will display, and in the SSO section, you will find the URLs needed to configure your IdP.


Configure your IdP with Azure Active Directory

  1. In a separate browser window, open up your Azure instance. You can follow the web guide for using the Azure portal, and the information for configuring this application can be found here.
  2. Enter in the configuration information as follows:
  3. Assign a user to Administrator roles in Azure. Instructions are found here.
  4. Assign a user or a group to an Enterprise App in the Azure Active Directory. Instructions are found here.
  5. Download the metadata by selecting the Metadata XML link, then copy the file to the qTest server folder.
    • For example: c:\Users\lamtnguyen\Downloads\qTest.xml 
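
A check to run on the metadata file from step 5 before it is uploaded, as an added example (not qTest or Microsoft code): it parses the IdP metadata with the Python standard library, refuses DTDs, flags SSO endpoints that are not HTTPS, and returns SHA-256 fingerprints of the signing certificates so the copy on the qTest server can be compared with the file downloaded from Azure. The sample metadata, its idp.example.test URLs and the placeholder certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
# Constructed sample; the "certificate" is placeholder bytes, not a real cert.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="%s" entityID="https://idp.example.test/tenant/">'
    '<IDPSSODescriptor protocolSupportEnumeration="%s">'
    '<KeyDescriptor use="signing"><KeyInfo xmlns="%s"><X509Data>'
    '<X509Certificate>%s</X509Certificate></X509Data></KeyInfo></KeyDescriptor>'
    '<SingleSignOnService Location="https://idp.example.test/tenant/saml2" '
    'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>'
    '</IDPSSODescriptor></EntityDescriptor>'
    % (MD, SAML2, NS["ds"], base64.b64encode(SAMPLE_DER).decode())
).encode()

def inspect_idp_metadata(xml_bytes):
    """Summarise IdP metadata and list problems worth fixing before upload."""
    # Metadata needs no DTD; refusing one avoids entity-expansion tricks.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(xml_bytes)
    result = {"entity_id": root.get("entityID"), "sso": [], "fingerprints": [], "problems": []}
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % MD or idp is None:
        result["problems"].append("not SAML 2.0 IdP metadata")
        return result
    if SAML2 not in idp.get("protocolSupportEnumeration", "").split():
        result["problems"].append("SAML 2.0 protocol support not declared")
    for ep in idp.findall("md:SingleSignOnService", NS):
        binding = ep.get("Binding", "").rsplit(":", 1)[-1]
        location = ep.get("Location", "")
        result["sso"].append((binding, location))
        if not location.lower().startswith("https://"):
            result["problems"].append("SSO endpoint is not HTTPS: " + location)
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' = any purpose
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            result["fingerprints"].append(hashlib.sha256(der).hexdigest())
    for key, label in (("sso", "SSO endpoint"), ("fingerprints", "signing certificate")):
        if not result[key]:
            result["problems"].append("metadata has no " + label)
    return result
```
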

Configure your SSO Integration in qTest

  1. In qTest, hover over your username and select Administration.
  2. The Site Administration page loads. Select the Authentication tab.
  3. Select SSO from the left Authentication Systems panel.
  4. Optionally, enter a name for your IdP.
  5. Enter a URL to your IdP metadata.  Alternatively, you can upload a metadata XML file from your local machine.
  6. Select the checkbox to 'Create new account on qTest upon user's first login' to allow users to create their qTest accounts. This will save time and effort because you will not need to invite or update many users.  This option will be explained below in the next section.
  7. Switch on Activation status in the top, right-hand corner of the screen.
  8. Select the Save button to save the configuration.  If you are using Manager 9.8.1+, review the optional configuration options here.


Now run the Service Provider with SP-initiated SSO. To do so, follow these steps:

  1. On the qTest log-in page, select the SSO login icon.
  2. You should be met by the Azure Identity Provider Login Prompt.
  3. Log in using the credentials of a user in Azure Active Directory.
  4. You should then be taken to the qTest Service Provider's default page.

Enable SSO login for a qTest user

To log in to qTest Manager with SSO, a user will need an SSO account and an associated qTest account. There are three ways to enable SSO login for a qTest user - invite a new user, update an existing user, or allow SSO users to create associated qTest Manager accounts upon their first login (suggested).

Update an Existing qTest User 

This 'bulk add' option could be used when adding multiple qTest users to a new SSO application. However, it is still a manual process and could be time-consuming. 

  1. In Site Administration, select the Licenses and Users tab.
  2. In the grid, select the Authentication System field for the user, and change that user's Authentication system to SSO.
  3. Change the Authentication System of the user to SSO.
  4. Select the SSO Username field of the user. The field will change to a text box. Enter the user's corresponding SSO username.
  5. Click the Save button.
  6. The user will receive a notification email.

Allow SSO Users to Create Associated qTest Manager Accounts upon Their First Login

This is the suggested login option for easily merging the SSO account with qTest.

  1. In your IdP, grant users permission to access qTest Manager.
  2. In qTest Manager, select the option Create new account on qTest upon user's first login.
  3. When users log in to qTest Manager for the first time, they will need to confirm to create an associated qTest Manager account.


    • If qTest retrieves user email from the IdP and there is an existing qTest Manager account (authenticated by qTest) with the same email, the user is allowed to associate the SSO account with the qTest Manager account.
    • If the email is manually input or the qTest Manager account is authenticated by SSO, the user will not be allowed to do so.

Optional Configuration Option

Define Custom Mapping Attributes for SSO Integration

Manager 9.8.1+: Site Admins have the ability to define custom mapping attributes for your SSO Integration. The attribute values are prepopulated by default, with the values below:

  • user.firstname
  • user.lastname 

If you choose to change a default attribute value to a custom mapping, qTest will use the new values to retrieve data from SAML responses.
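
A troubleshooting check for the mapping described above, as an added example (not qTest code): given the AttributeStatement from a captured SAML response, it reports which mapping values resolve and which are absent. It assumes the mapping value is compared exactly with each attribute's Name, which the page does not state; the field keys first_name and last_name and the sample statement are constructed, and no signature validation is performed.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Defaults listed on the page; the dictionary keys are hypothetical labels.
DEFAULT_MAPPING = {"first_name": "user.firstname", "last_name": "user.lastname"}

# Constructed AttributeStatement, not captured from a real IdP.
SAMPLE_STATEMENT = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="user.firstname">
    <saml:AttributeValue>Ada</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="surname">
    <saml:AttributeValue>Lovelace</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


def resolve_mapping(statement_xml, mapping):
    """Return (resolved values, mapping names absent from the statement)."""
    if "<!DOCTYPE" in statement_xml or "<!ENTITY" in statement_xml:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(statement_xml)
    sent = {}
    for attr in root.iter("{%s}Attribute" % SAML):
        values = [v.text or "" for v in attr.findall("{%s}AttributeValue" % SAML)]
        sent[attr.get("Name")] = values
    resolved, missing = {}, []
    for field, name in mapping.items():
        if sent.get(name):            # exact, case-sensitive name match
            resolved[field] = sent[name][0]
        else:
            missing.append(name)
    return resolved, missing
```

With the constructed statement, the default mapping resolves only the first name; changing the second mapping value to `surname` resolves both.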

