If the identification information (for authentication purposes) could be shared between systems it wouldn't be necessary to do it for each system anymore, and Users would be released from the trouble of managing multiple passwords. Questetra is capable of allowing Users who have been authenticated in G Suite, the Cloud based office suite, to log into Questetra without a password.
1. Overviews of Specification of Federated Authentication
- a. OpenID Connect
- Specified by "OpenID Foundation" which promotes development of safe websites and mobile profiles. (REST)
- b. SAML
- Specified by "OASIS", an organization which promotes business standards. (XML based data exchange)
- Systems which manage user identities and perform identification (authentication) are collectively referred to as "Id Providers (IdP)"
- Systems which provide any service to authenticated users are collectively referred to as "Service Providers (SP)"
- BPM system (Questetra) will behave as an SP (it cannot be used as an IdP)
- The email address will be used as user identification (ID/ identifier) for exchanging authentication information
- For the authentication method (e.g. multi-factor authentication) refer to the instructions of respective authentication services
2. Set up Cooperation Permission on the IdP side of OpenID in advance
- 1. Enable API access
- Enable API access that is used for OpenID Connect data exchange
- The only OpenID Connect IdP which Questetra is capable of cooperating with is G Suite. (as of Jan. 2016)
- OpenID Connect is also referred to as "OAuth 2.0 for Login" or "OAuth and OpenID Connect"
- In the G Suite enable access to Administrative APIs (Administrator Privilege is required)
- Due to the specification change of Google Apps OpenID 2.0 is not available since May 2014
3. Register the Information of a Linked IdP
- 1. Set up the Domain
- Enter your domain into the [G Suite Connectivity] settings menu (e.g. example.com)
- 2. Run a Login Test
- Move to Questetra's login page and confirm G Suite login
- Various collaboration features with G Suite are available
- Reference: Utilizing Google Drive from Workflow – Sending files to people outside the company
4. Disable Questetra's Password Authentication (Optional)
- 1. Disable Login with Password
- Check [Prohibit password login] if necessary
- 2. Confirm the Login Page
- Confirm if Password Login is hidden
- Users will be unable to login with a password and ID which are configured in Questetra
- However, Users with [System Administrator Authorization] can login with their ID and password (e.g. in the event of a fault on the IdP side)