Identity Provider Setup – Federated SSO

Read this topic to understand the requirements for integrating a corporate identity / SSO provider into QSC ID.

Background

QSC ID is an authentication platform for QSC and Q-SYS services. QSC and Q-SYS customers can request to integrate their own corporate SSO / Identity Provider (IDP) services into QSC ID. Once this is complete, QSC ID will redirect users to their corporate identity provider instance to authenticate into the platform, bypassing its own internal password authentication mechanisms.

Reasoning

Corporate customers using integrated SSO can commission and decommission users within their own IDP systems, providing or refusing access to QSC ID based on users’ professional QSC ID accounts.

Process

To set up corporate IDP integration with QSC ID:

1. Go to the Q-SYS Knowledge Base at support.qsys.com.

2. Click Contact Support > Create a Case.

3. In the case form, request SSO integration and provide these details:

   • SSO service – for example, Azure Active Directory, Google OAuth, Okta, etc.
   • SSO protocol – QSC ID supports OpenID Connect and SAML 2.0:
   OpenID Connect

   For OpenID Connect services, you must provide:

   • Authorization URL
   • Token URL
   • Client ID
   • Client Secret
   SAML 2.0

   For SAML 2.0 services, you must provide:

   • Single Sign-On Service URL
   • User's email as a claim in the SAML response.

   Note: The IDP system must support the NameID Policy format of "emailAddress".

4. Submit the new case.

5. QSC will reply with a Redirect URI to be whitelisted (if using OpenID Connect) or a Service Provider Entity ID and Redirect URI (if using SAML 2.0).