This option gives customers the ability to use SAML SSO to access the eQuest admin tool, eliminating the need for manual login.
NOTE: This is Identity Provider (IdP) initiated SSO, not Service Provider (SP) initiated SSO.
The SAML SSO login standard also has these significant advantages over standard login:
SAML Version: 2.0
Message Signing: Assertion Only
Signature Method: SHA256
Name Identifier: Email Address
x509 Private Key Pair: assign the key pair created in the step above
Assertion URL: see section below
Service Provider Metadata URL: see section below
You will need access to the eQuest admin tool to enable SSO, access the Assertion and Metadata URLs, and load the public key.
While in eQuest admin, navigate to Advanced Settings > select "Saml SSO Configuration".
Here you can get the Assertion URL and Metadata URL.
Finally, you will need eQuest admin accounts (created by eQuest support) for each individual that will require admin access.
The email address is key, as it is used for the SAML authentication.
Verify that "Account Email" in the Admin account profile matches the email address that eQuest should receive in the SAML request.
Account Email field within Admin Account Profile (this value is used in the SAML authentication)
Once everything is configured as outlined above, you should be able to connect to eQuest admin via your SAML link.
IMPORTANT: this is IdP-initiated SAML SSO, which means the request with SAML assertions must come from your server. Simply clicking on the SAML link is not going to authenticate you, since the SAML assertion would not be included in the request.
If you must configure SAML in the eQuest testing environment, be aware that the Assertion and Metadata URLs are specific to each environment.
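When a login fails, it helps to check a captured SAML response from your IdP against the settings listed above (SAML 2.0, signed assertion, SHA256, email address as name identifier, IdP-initiated). The following is an added example, not eQuest code: the function name, the sample response and the address admin@example.com are constructed for illustration, the NameID Format URI is an assumption about how "Email Address" is expressed, and the check is structural only (it does not verify the signature).

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Assumption: "Name Identifier: Email Address" maps to the standard emailAddress format URI.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def lint_response(xml_text, account_email):
    """Return a list of mismatches between a decoded SAML response and the page's settings."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("Version") != "2.0":
        problems.append("Response Version is not 2.0")
    # An IdP-initiated (unsolicited) response answers no AuthnRequest.
    if root.get("InResponseTo"):
        problems.append("InResponseTo is set: this is not an IdP-initiated response")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plain Assertion element found"]
    # Message Signing: Assertion Only -> the Signature must sit inside the Assertion.
    method = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("Assertion is not signed")
    elif not method.get("Algorithm", "").lower().endswith("sha256"):
        problems.append("signature method is not SHA256: " + method.get("Algorithm", ""))
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("Subject has no NameID")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is not emailAddress")
        # Exact comparison against the Account Email of the admin profile.
        if (name_id.text or "").strip() != account_email:
            problems.append("NameID does not match Account Email")
    return problems

# Constructed sample response (signature value, issuer and conditions omitted for brevity).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Version="2.0" ID="_r1">
<saml:Assertion Version="2.0" ID="_a1"><ds:Signature><ds:SignedInfo><ds:SignatureMethod
 Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/></ds:SignedInfo></ds:Signature>
<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
>admin@example.com</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(lint_response(SAMPLE, "admin@example.com") or "response matches the listed settings")
```

Feed it the base64-decoded SAMLResponse value captured from a test login; an empty list means the structure matches the settings above.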