Introduction
Single Sign-On (SSO) provides an easy way to access Quoter using your SSO Identity Provider / IAM Service. To use SAML SSO, you need an Identity Provider that supports SAML 2.0.
This widely supported protocol enables web-based authentication scenarios including cross-domain SSO and federated authentication between SaaS applications, like Quoter, and on-premise directory systems, such as Active Directory. The key to this feature is the intermediary SAML SSO server β also known as the identity provider.
How it works
Authentication to your subdomain (subdomain.quoter.com) is handled by your identity provider. Whenever Quoter or one of your other apps or sites wants to authenticate you via SSO, they'll redirect you to the identity provider. If you are not logged in, you can log in using your SSO credentials. But if you're already logged in, you won't need to log in again. You are immediately redirected back to Quoter with the necessary authentication token. This token is used to verify that you are authenticated with the identity provider.
Getting Started
It's highly recommended that before you begin the below set of instructions, log in to your Quoter account twice - once in a regular browser and once in an incognito/private window.
Alternatively, you can also log in to two separate browsers to ensure that you are still logged in to your account in case you are locked out in the other window.
Start by logging in to Quoter as the Account Owner and navigating to the SSO configuration settings of the identity provider, so that you can configure the two simultaneously. Each of your users will need to be provisioned in the identity provider, with exactly the same email address as their Quoter user account, since that is how Quoter will identify them.
After configuring SSO in your identity provider, return to Quoter, navigate to Account > Authentication, enable SAML SSO, and paste the following identity provider data into Quoter.
Issuer (Entity ID) - The URL that uniquely identifies your SAML identity provider. Also called: Issuer, Identity Provider, Entity ID, IdP, IdP Metadata URL.
SAML Login URL - The SAML login endpoint URL of the SAML server. Quoter redirects to this URL for SSO if a session isn't already established.
βAlso called: Sign-on URL, Remote login URL, SSO URL, SSO Endpoint, SAML 2.0 URL, Identity Provider Sign-in URL, IdP Login URL, Single Sign-On Service URL.SAML Logout URL - A URL where Quoter can redirect users after they sign out of Quoter.
βAlso called: SLO Endpoint, SAML Logout URL, Trusted URL, Identity Provider Sign-out URL, Single Sign-Out Service URL.X509 Certificate - The authentication certificate issued by your identity provider (a base-64 encoded X.509 certificate). Be sure to include the entire certificate, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE------.
βAlso called: Public Certificate, X.509 Certificate.
You should now have a working SSO implementation for Quoter which you can test by going to your subdomain (subdomain.quoter.com) in a new browser session. This process and the information asked for should be common to all identity providers