Who is this article for?
IT personnel responsible for managing users via Ideagen Home.
Access to Ideagen Home Users is needed.
Single Sign-On (SSO) allows users to log in to products from Ideagen Home using credentials they are already familiar with. Normally this means IT are responsible for managing the credentials and end users have less credentials to remember, thereby reducing the number of ‘forgotten password’ issues. You can also ensure that they meet your password management policies.
Please note that Ideagen Home doesn't support SAML and currently only supports OpenID Connect. You must ensure you have completed the OpenID Connect application before configuration of SSO can begin.
Within this article we will be discussing how to set up and configure SSO in Ideagen Home.
This article is split into 5 sections:
- How to Enable Your System for SSO
- How to Download the User Import CSV
- How to Import User CSV
- Configure User Security
- Further Reading
1. How to Enable Your System for SSO
Before you can begin, your Q-Pulse Cloud system must be enabled for SSO authentication. This is turned off by default and can only be enabled by Ideagen Support.
In order to have SSO enabled you will need to provide us with the following information from your SSO provider:
- metadataEndpoint (this will end .well-known/openid-configuration)
- clientSecret - this is normally the value not the ID
Once you have this information, please submit a ticket via the Customer Portal or by telephone using any of these numbers.
Note: We cannot enable SSO without the above information.
2. How to Download the User Import CSV
The user CSV must be correctly formatted in order to be imported. This can be done programmatically if you are exporting the users from another system or this can be done manually using a CSV editor.
Example: An example CSV template can be downloaded here
3. How to Import User CSV
Important: the CSV file needs to be a live file rather than an update file. If you have 100 users already using Q-Pulse Cloud and you want to add 15 more then your CSV must have 115 users within it. Any active users who are not on the CSV will be archived.
When running a user import, there are two methods to log in to the system.
- The traditional method using an email & password
- Via SSO (Single Sign On)
On the assumption we are looking to use SSO and we have provided the necessary information to Ideagen to get this set up, we then need to import the user profiles with their relevant ObjectIDs. This is essentially the unique identifier QPulse uses to recognise the Users.
To import users using a CSV:
- Log in to Ideagen Home.
- Click on Users.
- Click Imports.
- Click New Import.
- Click Choose file and then select your CSV file (or drag and drop your CSV onto the upload pane)
- Follow the on-screen instructions.
With the upload is in progress, you will then see the status of the import taking place:
|Uploaded||The CSV file is uploaded and saved within Ideagen Home|
|Validation||The CSV file is being validated to make sure it is in the correct format. The CSV will be updated to highlight any errors if it fails validation|
|Parsing||After successful validation, the file will be parsed into the SyncUser service. The CSV file will be updated to highlight any errors if parsing fails. It will be deleted once this has completed successfully.|
|Confirmed||The upload has been confirmed and is in progress|
4. How to Configure Security
When the users have been imported into Ideagen Home they will then be available within each Ideagen product serviced from Ideagen Home. It is important that security is then configured within each product.
5. Further Reading