Menu

Single Sign-On (SSO) Integration with ADFS Active Directory Federation Services

Overview

This article will walk you through setting up an SSO integration with ADFS.

Configure your SSO Integration in qTest

  1. In qTest, hover over your username and select Administration.
  2. The Site Administration page loads. Select the Authentication tab.
  3. Select SSO from the left Authentication Systems panel.
  4. It is optional to enter a name for your IdP.
  5. You must enter a URL to your IdP metadata. Alternatively, you can upload a metadata XML file from your local machine. Remember to enter the IdP Metadata link using the following format: https://[your ADFS URL]/FederationMetadata/2007-06/FederationMetadata.xml
  6. Select the checkbox to 'Create new account on qTest upon user's first login' to allow users to create their qTest accounts. This will save time and effort because you will not need to invite or update many users.  This option will be explained below in the next section.
  7. Switch on Activation status in the top, right-hand corner of the screen.
  8. Select the Save button to save the configuration.

.1.png

IMPORTANT:

  • You will need to switch off the integration with your LDAP systems to enable SSO integration.

Configure ADFS Active Directory Federation Services

Check Federation Service Properties

The Web SSO lifetime should not be greater than 480 minutes.
1.png2.png

Add a Relying Party Trust

  1. In the left pane, click Add Relying Party Trust. 



  2. On the Welcome page of Add Relying Party Trust Wizard, click the Start button.
  3. At the Select Data Source step, select the option Import data about the relying party published online or on a local network and enter this URL: https://[your qTest URL]/saml/metadata.
  4. At the Specify Display Name step, enter any name for the Relying Party (e.g., qTest SSO).
  5. Proceed to the last step to complete adding a Relying Party Trust.

Edit Newly added Relying Party Trust

  1. After it has been created successfully, right click and select Properties to edit.
  2. In the Identifiers tab of the Properties dialog, view the identier URL (https://[qTest URL]/saml/metadata). 

    3.png

  3. In the Monitoring tab of the Properties dialog, edit the federation metadata URL and ensure it is the same as the identifier URL (https://[qTest URL]/saml/metadata). 

    4.png

  4. In the Advanced tab, select SHA-256 secure algorithm 
  5. Click the Apply button and close the dialog box.

Edit Claim Rules of Newly Added Relying Party Trust

  1. Right click and select Edit Claim Rules.
  2. Add a claim rule as described below.
    • Claim Rule Name: NameID
    • Attribute Store: Active Directory
    • Map the LDAP attribute with qTest field as in the image shown below.

    name.png7.png

  3. Add another claim rule.  This one is not required
    • Claim Rule Name: Attributes
    • Attribute Store: Active Directory
    • Map these qTest Manager fields: user.firstnameuser.lastname, and user.email with any suitable LDAP attributes.

    Edit Claim Rules - Attributes

Powered by Zendesk