7.1. Admin SAML Configuration (IdP SSO)

Admin SAML Configuration

This option gives customers the ability to use SAML SSO to access the eQuest admin tool, eliminating the need for manual login.

NOTE: This is Identity Provider (IdP) SSO, not Service Provider initiated SSO.

The SAML SSO login standard also has these significant advantages over standard login:

  • No need to type in credentials
  • No need to remember and renew passwords
  • No weak passwords

SAML Identity Provider Setup

  • Create x509 Private Key Pair
  • Create SAML link


SAML Link Attributes


SAML Version: 2.0
Message Signing: Assertion Only
Signature Method: SHA256
Name Identifier: Email Address
x509 Private Key Pair: assign the key pair created in step above
Assertion URL: see section below
Service Provider Metadata URL: see section below

eQuest-Side Configuration

You will need access to the eQuest admin tool to Enable SSO, access the Assertion & Metadata URL's, and load the public key.

While in eQuest admin, navigate to Advanced Settings > select "Saml SSO Configuration".

Here you can get the Assertion Url and Metadata Url.


eQuest SAML Setup



  • Check "Enable SSO" box
  • Click the “From cert ... ” button in the Fingerprint field
    • Paste public certificate from step above (complete with begin and end certificate, and leading and trailing hyphens)

  • Save — after saving, the certificate will be converted into your Fingerprint

eQuest Admin Account Setup

Finally, you will need eQuest admin accounts (created by eQuest support) for each individual that will require admin access.

Email address is key as it's used for the SAML authentication.


You can verify "Account Email" in the Admin account profile matches the email address that eQuest should receive in the SAML request.

Account Email field within Admin Account Profile (this value is used in the SAML authentication)

Verify the SAML Connection

Once everything is configured as outlined above, you should be able to connect to eQuest admin via your SAML link.

IMPORTANT: this is iDP-initiated SAML SSO, which means the request with SAML assertions must come from your server. Simply clicking on the SAML link is not going to authenticate you since the SAML assertion would not be included in the request.

Testing vs Production

If you must configure SAML in the eQuest testing environment, be aware that the Assertion and Metadata Url's are specific to each environment.

This page was:

Helpful | Not Helpful