Menu

Single Sign-On SSO Integration

This feature allows qTest users to log in to qTest with their SSO credentials.

Configuring qTest on your IdP

  1. You will need to add your as an application on your IdP.  You can find the URLs to configure the application SAML in qTest's SSO integration page.  
  2. In order for qTest to retrieve user information from your IdP, please map the following attributes.
    • user.email
    • user.firstname
    • user.lastname

Configuring SSO Integration

As a site administrator, you can configure and activate SSO integration.

  1. Access the qTest Manager Administration section.  Select the Authentication Integration tab on the main navigation and then select SSO from the left pane.
  2. On your IdP side, you will need to add qTest Manager as an application.
  3. It is optional to enter a name for your IdP.
  4. You must enter a URL to your IdP metadata.  Alternatively, you can upload a metadata XML file from your local machine.
  5. You can select the option Create new account on qTest upon user's first login to allow users to create their qTest accounts.  This will save time and effort because you will not need to invite or update many users.  This option will be explained below in the next section.
  6. Switch on Activation status.
  7. Click the Save button.

IMPORTANT:

  • You will need to switch off the integration with your LDAP systems to enable SSO integration.

Enable SSO login for a qTest user

To log in to qTest Manager with SSO, a user will need an SSO account and an associated qTest account.  There are three ways to enable SSO login for a qTest user - invite a new user, update an existing user, or allow SSO users to create associated qTest Manager accounts upon their first login.

Invite a new user

  1. Click the Invite button.
  2. On the Invite User dialog, enter an email to create an associated qTest Manager account.
  3. Select the option Let the user log in with his SSO username.
  4. Enter the SSO username.

IMPORTANT: You cannot invite a new user if the input email or SSO username is currently being used by an existing qTest user.

Update an existing user

  1. Change the Authentication System of the user to SSO.
  2. Click the SSO Username field of the user. The field will change to a text box.  Enter the user's corresponding SSO username.
  3. Click the Save button.
  4. The user will receive a notification email.

Allow SSO Users to Create Associated qTest Manager Accounts upon Their First Login

  1. In your IdP, grant users with the permission to access to qTest Manager.
  2. In qTest Manager, select the option Create new account on qTest upon user's first login.
  3. When users login to qTest Manager for the first time, they will need to confirm to create an associated qTest Manager account.

    IMPORTANT:

    • If qTest retrieves user email from the IdP and there is an existing qTest Manager account (authenticated by qTest) with the same email, the user is allowed to associate the SSO account with the qTest Manager account.
    • If the email is manually input or the qTest Manager account is authenticated by SSO, the user will not be allowed to do so.

Configure ADFS Active Directory Federation Services

Check Federation Service Properties

The Web SSO lifetime should not be greater than 480 minutes.
Federation Service Properties

Add a Relying Party Trust

  1. In the left pane, click Add Relying Party Trust. 



  2. On the Welcome page of Add Relying Party Trust Wizard, click the Start button.
  3. At the Select Data Source step, select the option Import data about the relying party published online or on a local network and enter this URL: https://[your qTest URL]/saml/metadata.
  4. At the Specify Display Name step, enter any name for the Relying Party (e.g., qTest SSO).
  5. Proceed to the last step to complete adding a Relying Party Trust.

Edit Newly added Relying Party Trust

  1. After it has been created successfully, right click and select Properties to edit.
  2. In the Identifiers tab of the Properties dialog, view the identier URL (https://[qTest URL]/saml/metadata). 

    qTest SSO Properties - Identifiers

  3. In the Monitoring tab of the Properties dialog, edit the federation metadata URL and ensure it is the same as the identifier URL (https://[qTest URL]/saml/metadata). 

    qTest SSO Properties

  4. In the Advanced tab, select SHA-256 secure algorithm 
  5. Click the Apply button and close the dialog box.

Edit Claim Rules of Newly Added Relying Party Trust

  1. Right click and select Edit Claim Rules.
  2. Add a claim rule as described below.
    • Claim Rule Name: NameID
    • Attribute Store: Active Directory
    • Map the LDAP attribute with qTest field as in the image shown below.

    Edit Claim Rules - NameID

  3. Add another claim rule.  This one is not required
    • Claim Rule Name: Attributes
    • Attribute Store: Active Directory
    • Map these qTest Manager fields: user.firstnameuser.lastname, and user.email with any suitable LDAP attributes.

    Edit Claim Rules - Attributes

Enter ldP Metadata Link into qTest Manager

Remember to enter the IdP Metadata link using the following format: https://[your ADFS URL]/FederationMetadata/2007-06/FederationMetadata.xml

Subscribe To Our Blog
Powered by Zendesk