This topic refers to functionality that is only available to accounts on the Quick Base Platform or Quick Base Unlimited plans. If you do not see the functionality described here, either your account or realm has not been configured to show it, or your account is not on one of those plans.
As an alternative to configuring SAML within Quick Base, you may decide to contact Quick Base Customer Care to assist you.
Your organization’s IT department must first configure a SAML IdP that will communicate with your corporate access system, using the SAML assertion details required. Then you should contact your Quick Base Account Executive or Customer Success Manager to provide those details.
Provide IdP details to Customer Care
When the IdP configuration is complete, contact Quick Base Customer Care to provide the following IdP details:
Entity ID* – This identifies the asset or realm you are trying to access. You should use your realm URL, for example entityID="https://samltest.quickbase.com".
Sign-in URL* – This URL is used by Quick Base to request authentication from the IdP (Destination in the AuthnRequest). It redirects the user to the client company's login page.
Sign-out URL – The URL that redirects the user to a web page after logging out of Quick Base.
Provider Name* – How Quick Base is identified in your IdP logs, for example Quick Base.
Support page URL* – A URL that redirects authentication issues to an internal IT tracking website.
Text for support link* – A name in your IT department that provides your employees with a point of contact to report SSO errors.
Public Certificate* – The Identity Provider’s X.509 authentication certificate used to sign the SAML assertion XML before sending it to Quick Base.
* indicates a required item
After Quick Base Customer Care receives your IdP information and before SSO SAML is pushed to your live production realm account, they perform the following steps to test the SSO SAML settings:
Customer Care schedules a call with you during the work week (Monday through Friday) to schedule a test to ensure that everything is working properly. Note: Customer Care requires 24 to 48 hours lead time to schedule the test. To test or implement changes during off hours, Customer Care can accommodate on a case by case basis.
Customer Care creates a test realm account environment to configure the SAML settings.
After a successful test on the test realm account, Customer Care implements the same setup on the live realm account.
Contact Quick Base Customer Care or your Sales Engineer to supply a list of the email domains registered with your company. Users provisioned or invited into your realm with email addresses matching the company's email domain are required to authenticate through SAML. If you have existing Quick Base users, verify that their email addresses in Quick Base match the email addresses sent by the SAML IdP.
Important: The first time a user authenticates using SAML, Quick Base searches for an exact email address match to determine who (Quick Base user) is signing in. The email address in Quick Base must match the one that the SAML lIdP sends.
If the email addresses don't match the email addresses sent by the SAML IdP (for example, email@example.com and firstname.lastname@example.org), Quick Base won't recognize the sign-inattempt from the existing user, and will create a new user who won't have access to any of the existing user's apps. Quick Base treats the user as a new user when they sign in, and all of their Quick Base history is lost.
- SAML authentication overview
- SAML and API access to Quick Base
- SAML assertion example
- Configuring SAML in Quick Base
- SAML and Identity Provider
Did this help you? Give us a rating:
© 1999-2020 QuickBase, Inc. All rights reserved. Legal Notices.