Single Sign-On (SSO)

Overview
The Single Sign-On capability in QCommission lets users arriving at your support portal log in with a single set of login credentials. This saves them the time and effort of creating a separate account for your support portal. You can configure QCommission to provide SAML-based Single Sign-On for your users, so they do not have to provide separate login credentials for QCommission. The user is authenticated by the SAML provider you configure on your side, and user attributes such as the email address are sent back to QCommission.

QCommission Identity uses the XML-based Security Assertion Markup Language (SAML) protocol for single sign-on from a corporate portal or identity provider. SSO enables SAML Cloud Single Sign-On (SSO) for QCommission, saving your organization time and money, while dramatically increasing usage and security. QCommission SSO AD integration enables your organization to integrate QCommission with a corporate intranet. Once set up, your users can sign in to your corporate intranet and then access QCommission without signing in a second time with their QCommission login credentials.
Architecture of SSO in QCommission
SAML/SSO
Security Assertion Markup Language (SAML) is a mechanism for communicating identities between two web applications. It enables web-based Single Sign-On, which eliminates the need to maintain separate credentials for each application and reduces identity theft. A user requests SAML SSO to access a resource that is protected by a service provider. The service provider asks the identity provider to authenticate the user. The identity provider checks that the user exists and sends back an assertion to the service provider, which may or may not include the user information.

The communication between the identity and service providers happens in the SAML data format. SAML single sign-on works by transferring the user's identity from one place (the identity provider) to another (the service provider). This is done through an exchange of digitally signed XML documents. Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their sessions in another context. This single sign-on (SSO) login standard has significant advantages over logging in using a username/password:
  • No need to type in credentials
  • No need to remember and renew passwords
  • No weak passwords 
Most organizations already know the identity of users because they are logged in to their Active Directory domain or intranet. It makes sense to use this information to log users in to other applications, such as web-based applications, and one of the more elegant ways of doing this is by using SAML. SAML is very powerful and flexible, but the specification can be quite a handful.

How SAML Works
  • The user accesses the remote application using a link on an intranet, a bookmark, or similar and the application loads.
  • The application identifies the user’s origin (by application subdomain, user IP address, or similar) and redirects the user back to the identity provider, asking for authentication. This is the authentication request.
  • The user either has an existing active browser session with the identity provider or establishes one by logging into the identity provider.
  • The identity provider builds the authentication response in the form of an XML document containing the user’s username or email address, signs it using an X.509 certificate, and posts this information to the service provider.
  • The service provider, which already knows the identity provider and has a certificate fingerprint, retrieves the authentication response, and validates it using the certificate fingerprint.
  • The identity of the user is established, and the user is provided with app access.
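
The service provider's validation step, sketched as an added example (not QCommission's code): it pins the certificate carried in the response to a stored SHA-256 fingerprint, then checks the validity window and audience. The SP entity ID, the sample assertion and the placeholder certificate bytes are constructed; verifying the XML signature itself with the pinned certificate is assumed to be done by a vetted XML signature library and is not shown.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for the IdP's DER certificate.
IDP_CERT_DER = b"constructed-idp-certificate-der"
PINNED_FP = hashlib.sha256(IDP_CERT_DER).hexdigest()  # stored when SSO is configured
SP_ENTITY_ID = "https://sp.example.test/saml"         # hypothetical SP entity ID

def sample_assertion(cert_der, audience=SP_ENTITY_ID):
    """Build a constructed assertion for the demo (its signature value is omitted)."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {base64.b64encode(cert_der).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def parse_ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now):
    """Return (ok, detail). Cryptographic signature verification is NOT done here."""
    root = ET.fromstring(xml_text)  # use a hardened parser (e.g. defusedxml) in production
    cert = root.find(".//ds:X509Certificate", NS)
    if cert is None or not cert.text:
        return False, "no certificate in KeyInfo"
    # The embedded certificate is untrusted input until it matches the pin.
    der = base64.b64decode("".join(cert.text.split()))
    if not hmac.compare_digest(hashlib.sha256(der).hexdigest(), PINNED_FP):
        return False, "certificate fingerprint mismatch"
    cond = root.find("saml:Conditions", NS)
    if cond is None or not (parse_ts(cond.get("NotBefore")) <= now
                            < parse_ts(cond.get("NotOnOrAfter"))):
        return False, "outside validity window"
    audiences = [a.text for a in cond.findall(".//saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        return False, "audience mismatch"
    return True, root.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

A fingerprint match only establishes which certificate the response carries; the user's identity is accepted only after the signature over the assertion also verifies against that certificate.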

Active Directory/SSO
SSO integrates your users' cloud accounts with their Active Directory (AD) account so they can enjoy a consistent logon process across apps. Active Directory takes on powerful new capabilities to control real-time access to SaaS, web, desktop, and mobile applications, and there is no need to embark on a complex Active Directory integration project for each new app. From single-domain environments to complex directory infrastructures, OneLogin makes it easy to extend Active Directory to the cloud. The solution provides users secure access to all SAML-enabled cloud applications, including Microsoft 365, G Suite, Salesforce, etc. This means that they do not have to remember multiple passwords of varying lengths and complexities. Once configured, anytime users try to log on to cloud software, they are redirected to Active Directory, which authenticates their accounts.

API/SSO
Single Sign-On (SSO) is an API that allows you to send members, once authenticated on your website, to the QCommission login page or directly to QCommission. SSO provides an API for managing SSO plans via the https system domain; the API is designed specifically to work with Hypertext Transfer Protocol (HTTP). By passing their identification and other security parameters, attendees access your website and then access QCommission with no need to enter another password. System operators can use the API to automate plan creation, retrieval, update, and deletion. Single Sign-On automatically creates accounts and signs users in as they browse between multiple independent websites, domains, and databases in your ecosystem. This removes the need for your users to register new accounts or re-enter their authentication credentials when they switch from one of your websites to another.

Custom/SSO
The Microsoft Dynamics CRM Single Sign-On (SSO) Integration lets you create a client application that uses Auth0 for authentication and provides SSO capabilities. OneLogin's secure single sign-on integration with Microsoft Dynamics CRM saves your organization time and money while significantly increasing the security of your data in the cloud. Your users log in to Dynamics CRM with Auth0 identity providers, which perform the identity credentials verification. With single sign-on, users only have to enter one set of credentials to access their web apps in the cloud and behind the firewall, via desktops, smartphones, and tablets. Easily connect Active Directory to Microsoft Dynamics CRM. Remote logins are supported: you log in to one cloud app and do not need to authenticate separately to the rest of them. Increase productivity while keeping data secure.