If identification information (for authentication purposes) could be shared between systems, Users would no longer need to authenticate to each system separately and would be released from the trouble of managing multiple passwords. Questetra allows Users who have been authenticated in "G Suite", the Cloud-based office suite, to log into Questetra without a password.
1. Overview of Federated Authentication Specifications
- a. OpenID Connect
- Specified by the "OpenID Foundation", which promotes the development of safe websites and mobile profiles. (REST)
- b. SAML
- Specified by "OASIS", an organization which promotes business standards. (XML based data exchange)
- Systems which manage user identities and perform identification (authentication) are collectively referred to as "Id Provider (IdP)"
- Systems which provide any service to authenticated users are collectively referred to as "Service Provider (SP)"
- BPM system (Questetra) will behave as SP. (It cannot be used as IdP)
- The email address will be used as user identification (ID/ identifier) for exchanging authentication information
- For the authentication method (e.g. Multi-factor authentication), refer to the instructions of the respective authentication services
2. Set up Federation on the IdP side of OpenID in advance
- 1. Enable API access
- Enable the API access that is used for the data exchange of "OpenID Connect"
- The only "OpenID Connect IdP" that Questetra can federate with is "G Suite". (as of Jan. 2016)
- OpenID Connect is also referred to as "OAuth 2.0 for Login" or "OAuth and OpenID Connect"
- In G Suite, enable access to the Administrative APIs. (Administrator Privilege is required)
- (Due to the specification change of Google Apps, "OpenID 2.0" has not been available since May 2014.)
3. Register the Information of the IdP to Federate with
- 1. Set up Domain
- Enter your domain into the [G Suite Connectivity] setting menu (e.g.: example.com)
- 2. Run a Login Test
- Move to Questetra's login page and confirm G Suite login
- Various features that work together with G Suite become available at the same time
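
The checks an SP would make on an OpenID Connect ID token when the email address is the user identifier and a single domain is registered, shown as an added example (not Questetra's code). `resolve_login`, the client ID and the sample users are hypothetical; the claim names (`iss`, `aud`, `exp`, `hd`, `email`, `email_verified`) are those Google uses in its ID tokens, and signature verification is assumed to have happened already.

```python
import time

# Issuer values Google documents for its ID tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

class FederationError(Exception):
    """The ID token must not be accepted for login."""

def resolve_login(claims, client_id, allowed_domain, local_users, now=None):
    """Map signature-verified ID token claims to a local user ID.

    Assumption: the token signature was already verified against the
    IdP's published keys; only the claim checks are shown here.
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise FederationError("unexpected issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise FederationError("token was issued to another client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise FederationError("token expired")
    # "hd" is only present for accounts hosted in a G Suite domain. A consumer
    # account can carry an address at the same domain, so the email suffix
    # alone does not prove domain membership.
    if str(claims.get("hd", "")).lower() != allowed_domain.lower():
        raise FederationError("account is not hosted in the configured domain")
    if claims.get("email_verified") is not True:
        raise FederationError("email address not verified by the IdP")
    email = str(claims.get("email", "")).strip().lower()
    if email not in local_users:
        raise FederationError("no local user with this email address")
    return local_users[email]

# Constructed sample data (not real accounts or client IDs).
SAMPLE_USERS = {"alice@example.com": "u-1001"}
SAMPLE_CLAIMS = {
    "iss": "https://accounts.google.com",
    "aud": "sp-client-id.example",
    "exp": 2_000_000_000,
    "hd": "example.com",
    "email": "Alice@example.com",
    "email_verified": True,
}

if __name__ == "__main__":
    print(resolve_login(SAMPLE_CLAIMS, "sp-client-id.example", "example.com",
                        SAMPLE_USERS, now=1_700_000_000))
```
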
4. Disable the Password Authentication of Questetra (Optional)
- 1. Disable Login with Password
- Check [Disable Password Authentication] if you want to do so
- 2. Confirm the Login Page
- Confirm that Password Login is hidden
- Users cannot log in with an ID and password that are configured in Questetra
- However, Users with [System Administrator Authorization] can still log in with their ID and password. (E.g. in case of a fault on the IdP side)