Connecting Microsoft Azure AD / Entra ID and Q.wiki (SAML)

Modified on Mon, 2 Dec at 3:03 PM

These instructions are intended for IT professionals. They support the independent connection of Q.wiki to Microsoft Entra ID. If anything is unclear, instructions from Microsoft or Q.wiki support can help.


We strongly recommend using SCIM and OIDC for user provisioning and single sign-on. SCIM provisions all selected users “just in case” and thus enables users to be assigned content and authorizations in Q.wiki before they log in to Q.wiki for the first time. This is not possible with SAML and “just in time” provisioning.


You need key user rights to perform the following steps.


Migrating existing Topic/LDAP users

When connecting Entra ID, existing Q.wiki users with a matching email address are migrated. The migrated users are updated with the data from Entra ID and from this point on are managed by it.


Migrated users can log in using the button “Use company login”. It is no longer possible to log in with a username and password.


Setting up an “emergency account”

Should Entra experience a malfunction, or should the secret token expire, login will only be possible via users manually created in Q.wiki. For this reason, it is recommended to add a manually managed account to the KeyUser group. This account must have a valid email address and must not be provisioned via Azure; an impersonal email address such as “service@” or “it-support@” is recommended. If the key has already expired, please read the following article: 401 Unauthorized error message when logging in.


Linking the Entra ID – users and groups (SAML provisioning and authentication)

Provisioning

With SAML authentication set up, so-called just-in-time provisioning is active: user accounts are automatically created in Q.wiki when the users log in for the first time. Provisioning can be deactivated under User administration -> three-dot menu -> Configure provisioning.


Authentication

  1. In Microsoft Entra ID, create a new Enterprise Application.
  2. Start Create your own application.
  3. Enter the name of the app and select Non-gallery.
  4. Click on Create.
  5. In the created app, select Single Sign-On and then SAML.
  6. Edit the basic configuration: copy the ACS URL from the Q.wiki dialog and insert it in Entra as both the Entity ID and the Reply URL (response URL).
  7. Download the certificate from Entra and upload it to Q.wiki.
  8. Under Users and Groups, select the users who should have access to Q.wiki.
  9. To display the user display name correctly, a mapping from “name” to displayname is required. The claims can be edited under Single sign-on -> Attributes & Claims.
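To confirm the settings from steps 6 and 9 after a test login, the following added example (not code from Q.wiki or Microsoft) checks a decoded SAML response for the ACS URL and the name claim. It assumes the claim uses Entra's default claim URI for “name”; the helper names, the URL and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the "name" claim uses Entra's default claim URI.
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

def check_response(xml_text, acs_url, name_claim=NAME_CLAIM):
    """List config problems in a decoded SAML response; the signature is NOT verified."""
    root = ET.fromstring(xml_text)  # input: a response from your own test login
    problems = []
    # Step 6: the ACS URL is used as both entity ID and reply (response) URL.
    if root.get("Destination") != acs_url:
        problems.append("Destination differs from the ACS URL")
    if acs_url not in [e.text for e in root.iterfind(".//a:Audience", NS)]:
        problems.append("Audience differs from the entity ID")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient differs from the ACS URL")
    # Step 9: the name claim should carry a display name.
    values = [(v.text or "").strip()
              for attr in root.iterfind(".//a:Attribute", NS)
              if attr.get("Name") == name_claim
              for v in attr.iterfind("a:AttributeValue", NS)]
    if not values or not values[0]:
        problems.append("name claim missing or empty")
    elif "@" in values[0]:  # heuristic: looks like a UPN or e-mail address
        problems.append("name claim looks like a UPN, not a display name")
    return problems

def constructed_response(acs_url, name_value):
    """Constructed, unsigned sample response (not captured from a real tenant)."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs_url}">
 <saml:Assertion><saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{acs_url}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{acs_url}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="{NAME_CLAIM}">
   <saml:AttributeValue>{name_value}</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    acs = "https://qwiki.example.com/saml/acs"  # constructed placeholder URL
    print(check_response(constructed_response(acs, "ada@example.com"), acs))
```

An empty list means the response matches the configuration described above; the check on “@” is only a heuristic for a name claim that still carries a user principal name.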
