SSO Introduction
Overview
IQNECT mandates the use of Single Sign-On (SSO) for all tenants to ensure a secure and streamlined authentication process. Our platform fully supports two major industry-standard protocols for SSO:
- OpenID Connect (OIDC)
- Security Assertion Markup Language (SAML) 2.0
This provides flexibility for organizations to integrate their existing Identity Provider (IdP) systems with IQNECT seamlessly.
Supported Identity Providers
IQNECT has been thoroughly tested and verified with the following identity providers (IdPs) using either OIDC or SAML 2.0 protocols:
- Microsoft Entra (formerly Azure AD) - OIDC and SAML
- AWS Cognito - OIDC
- Google - OIDC
- Okta - Okta SAML and Okta OIDC
Other IdPs that support OIDC or SAML 2.0 should also be supported, but they haven't yet been validated. Generic instructions are available here for OIDC and SAML.
This allows customers to leverage their existing IdP configurations to manage user access and authentication in IQNECT.
Tenant and SSO Configuration
Tenant in IQNECT refers to an isolated environment created for each customer or organization. Each tenant can only have one active SSO configuration at a time. However, multiple configurations can exist and be toggled between, offering flexibility when switching between IdPs or when testing new configurations.
When configuring SSO for a tenant, administrators must define how user attributes from the IdP map to IQNECT’s internal user attributes. This mapping ensures proper identification and access management within the platform.
Mapping User Attributes
The following user attributes must be mapped from the IdP to IQNECT during SSO configuration:
- ID: A unique, unchanging identifier assigned by the IdP to each user. This is the primary attribute used by IQNECT to identify users and should never change once assigned.
- Email Address: The user's email address, which will be used for communication and notifications within IQNECT. It must be valid and unique within each tenant to avoid conflicts.
- Display Name: The full name of the user as it appears in the system. This attribute helps provide a personalized experience within IQNECT, ensuring users are identified clearly during interactions and processes.