Single Sign-On integrations with QReserve allow your users to authenticate and create or link QReserve accounts automatically. No new password or login credentials required!
Setting Up Single Sign-OnQReserve supports single sign-on integrations via SAML2 and Shibboleth. Please contact us to inquire about the steps involved with setting up your institution with Single Sign-On.
Okta
Please visit the Okta Integration page for instructions.
Microsoft Azure
Please visit Microsoft Azure's QReserve Integration page for instructions.
Microsoft ADFS
Please visit the ADFS Integration page for instructions.
SAML 2.0
QReserve supports single sign-on using the SAML 2.0 protocol and can interface with both on-site and cloud-based SAML 2.0 authentication platforms such as Google Workplace, Azure AD, and Okta. Typically a persistent ID and, if different, an email address can be released as metadata when creating this integration. When configuring your SSO integration please ensure that the message is signed.
SAML 2.0 Metadata
When setting up an SSO integration with QReserve, you will require our metadata and we will require yours. If desired, a pre-production testing environment can be used to test a new integration before going live. Please speak with your account representative to coordinate your new SSO integration.
Supported Attributes
QReserve supports receiving the following attributes from IDPs. Please ensure the attributes are named by their respective
urn:oid
namespace values and not the friendly name because theurn:oid
values are consistent across implementations.
Friendly Name Name Required eduPersonTargetedID urn:oid:1.3.6.1.4.1.5923.1.1.1.10
Yes urn:oid:0.9.2342.19200300.100.1.3
Yes eduPersonPrincipalName urn:oid:1.3.6.1.4.1.5923.1.1.1.6
No displayName urn:oid:2.16.840.1.113730.3.1.241
No cn (Common Name) urn:oid:2.5.4.3
No sn (Surname) urn:oid:2.5.4.4
No givenName urn:oid:2.5.4.42
No Shibboleth 2.0
QReserve also supports the Shibboleth 2.0 extensions on SAML 2.0 widely adopted by educational institutions around the world. QReserve is a registered Service Provider (SP) through the Canadian Access Federation where you may obtain our Entity Metadata for use in adding QReserve as a trusted service provider at your organization.
QReserve has membership in the following federations:
- CAF Federation
- eduGAIN
- InCommon Federation
- SWAMID Federation
- UK Access Management Federation
QReserve requires a persistent, unique identifier for each identity in order to provide integration with a Shibboleth Identity Provider. This identifier is often available in
eduPersonTargetedID
but can vary institution to institution. Optionally, an email address may also be provided.Managing Single Sign-On Users
If your institution has single sign-on integrated with QReserve then users are able to authenticate themselves using your institution's authentication platform. A sibling QReserve account is automatically created and populated with the email address provided through your institution's single sign-on platform if available, or, users are asked to provide one upon first logging in.
When users first sign-in through single sign-on, they will have a normal QReserve account without any memberships. At this point, users are able to join sites by searching for them or by being added manually be site administrators.
Pre-Adding Users
Users can be pre-added to your site prior to them signing in via single sign-on by adding the users directly to your site with the normal means (see Adding Users for details). When users are added to your site, they will receive an email prompting them to create a QReserve account and they may then do so either by setting a QReserve password or by logging in via the Sign In With Partner link on the login page.
Providing a Quick Sign-In Link
To make signing in easier for your users, you can provide a link directly to your Single Sign-In login page that bypasses users having to select your institution manually. Please contact your QReserve representative to set this up.
Submitting Single Sign-On Information
Once your account is ready to progress, please use this form to submit your information.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article