Connecting Google Workspace and Q.wiki (SAML)

Modified on Tue, 28 Jan at 3:29 PM

These instructions are intended for IT professionals and help you connect Q.wiki to Microsoft Entra ID on your own. If anything is unclear, the instructions from Microsoft or Q.wiki support can help.


We strongly recommend using SCIM and OIDC for user provisioning and single sign-on. SCIM provisions all selected users “just in case” and thus enables users to be assigned content and authorizations in Q.wiki before they log in to Q.wiki for the first time. This is not possible with SAML and “just in time” provisioning.


You need key user rights to perform the following steps.

 

Recommendation and general information

Limitations

Migrating existing Topic/LDAP users

When connecting Entra ID, existing Q.wiki users with a matching email address are migrated. The migrated users are updated with the data from Entra ID and from this point on are managed by it.


Migrated users can log in using the button “Use company login”. It is no longer possible to log in with a username and password.


Setting up an “emergency account”

Should Google experience a malfunction, or should the secret token expire, login will only be possible via users manually created in Q.wiki. For this reason, it is recommended to add a manually managed account to the KeyUser group. This account must have a valid email address and must not be provisioned via Google; an impersonal email address such as “service@” or “it-support@” is recommended. If the key has already expired, please read the following article: 401 Unauthorized error message when logging in.


Linking the users and groups (SAML provisioning and authentication)

We recommend this documentation by Google for setting up user authentication and provisioning:

https://support.google.com/a/answer/6087519?hl=de#zippy=%2Cschritt-benutzerdefinierte-saml-app-hinzuf%C3%BCgen

Provisioning

With SAML authentication set up, so-called just-in-time provisioning is active: user accounts are created automatically in Q.wiki when users log in for the first time. Provisioning can be deactivated under User administration > three-dot menu > Configure provisioning.


Authentication

Under User administration > three-dot menu > Connect Identity Provider (IdP), select "SAML Configuration".

The ACS (Assertion Consumer Service) URL must be entered in the IdP configuration, and the Entity ID must be identical on both sides. A good value is the public endpoint for SAML metadata of your tenant: https://YOU.qwikinow.de/saml/sp/metadata.
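To verify the matching requirement above before enabling company login, the following added example (not part of the original article and not Q.wiki code) parses SP metadata and compares it with the values typed into the IdP. The host `tenant.example`, the ACS path and the sample metadata are constructed placeholders; Entity IDs are generally compared as exact strings, so a trailing slash or a case difference counts as a mismatch.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata; tenant.example and the ACS path are placeholders.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://tenant.example/saml/sp/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://tenant.example/saml/sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Return (entityID, [HTTP-POST ACS locations]) from SP metadata XML."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    acs = [e.get("Location")
           for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING]
    return root.get("entityID"), acs


def check_idp_settings(xml_text, idp_entity_id, idp_acs_url):
    """Compare the values entered at the IdP with the SP metadata; return a list of problems."""
    entity_id, acs_urls = parse_sp_metadata(xml_text)
    problems = []
    if idp_entity_id != entity_id:
        hint = ""
        if idp_entity_id.rstrip("/").lower() == entity_id.rstrip("/").lower():
            hint = " (differs only in case or trailing slash)"
        problems.append("Entity ID mismatch%s: IdP=%r SP=%r" % (hint, idp_entity_id, entity_id))
    if idp_acs_url not in acs_urls:
        problems.append("ACS URL %r not among SP endpoints %r" % (idp_acs_url, acs_urls))
    if not idp_acs_url.startswith("https://"):
        problems.append("ACS URL is not HTTPS")
    return problems


if __name__ == "__main__":
    base = "https://tenant.example/saml/sp/"
    print(check_idp_settings(SAMPLE_SP_METADATA, base + "metadata/", base + "acs"))
```

An empty list means the IdP-side Entity ID and ACS URL agree with what the service provider publishes.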
