SAML and Identity Provider

This topic refers to functionality that is only available to accounts on the Quick Base Platform or Quick Base Unlimited plans. If you do not see the functionality described here, either your account or realm has not been configured to show it, or your account is not on one of those plans.

Configuring your Identity Provider (IdP) for SAML

To enable single sign-on (SSO) to Quick Base, you must first configure an IdP that can communicate with your corporate access system using SAML 2.0. The IdP's purpose is to securely maintain user identity information and authenticate users through the corporate access system.

The following diagram shows what occurs when a user attempts to log in to Quick Base with SAML authentication.

 

When a user attempts to access Quick Base and is not yet authenticated, Quick Base sends an authentication request (AuthnRequest) to the Identity Provider. This request contains:

  • Issuer – urn:oasis:names:tc:SAML:2.0:assertion

  • Destination – The single sign-on URL on the Identity Provider side

  • AssertionConsumerService – The URL of the Quick Base service that communicates with the Identity Provider (https://<realmhostname>.quickbase.com/saml/SSOAssert.aspx)

If the user is a valid user, the Identity Provider sends back an XML response called the SAML assertion that positively identifies the user. Otherwise, an error message provided by the IdP displays for the user.

Related Topics: