Skip to content

Single Sign-On

Single Sign-On integrations with QReserve allow your users to authenticate and create or link QReserve accounts automatically. No new password or login credentials required!

Setting Up Single Sign-On

QReserve supports single sign-on integrations via SAML2 and Shibboleth. Please contact us to inquire about the steps involved with setting up your institution with Single Sign-On.

Okta

Please visit the Okta Integration page for instructions.

Microsoft Azure

Please visit Microsoft Azure's QReserve Integration page for instructions.

Microsoft ADFS

Please visit the ADFS Integration page for instructions.

SAML 2.0

QReserve supports single sign-on using the SAML 2.0 protocol and can interface with both on-site and cloud-based SAML 2.0 authentication platforms such as Google Workplace, Azure AD, and Okta. Typically a persistent ID and, if different, an email address can be released as metadata when creating this integration. When configuring your SSO integration please ensure that the message is signed.

SAML 2.0 Metadata

When setting up an SSO integration with QReserve, you will require our metadata and we will require yours. If desired, a pre-production testing environment can be used to test a new integration before going live. Please speak with your account representative to coordinate your new SSO integration.

Supported Attributes

QReserve supports receiving the following attributes from IDPs. Please ensure the attributes are named by their respective urn:oid namespace values and not the friendly name because the urn:oid values are consistent across implementations.

Friendly NameNameRequired
eduPersonTargetedID urn:oid:1.3.6.1.4.1.5923.1.1.1.10 Yes
email urn:oid:0.9.2342.19200300.100.1.3 Yes
eduPersonPrincipalName urn:oid:1.3.6.1.4.1.5923.1.1.1.6 No
displayName urn:oid:2.16.840.1.113730.3.1.241 No
cn (Common Name) urn:oid:2.5.4.3 No
sn (Surname) urn:oid:2.5.4.4 No
givenName urn:oid:2.5.4.42 No

Shibboleth 2.0

QReserve also supports the Shibboleth 2.0 extensions on SAML 2.0 widely adopted by educational institutions around the world. QReserve is a registered Service Provider (SP) through the Canadian Access Federation where you may obtain our Entity Metadata for use in adding QReserve as a trusted service provider at your organization.

QReserve has membership in the following federations:

  • CAF Federation
  • eduGAIN
  • InCommon Federation
  • SWAMID Federation
  • UK Access Management Federation

QReserve requires a persistent, unique identifier for each identity in order to provide integration with a Shibboleth Identity Provider. This identifier is often available in eduPersonTargetedID but can vary institution to institution. Optionally, an email address may also be provided.

Managing Single Sign-On Users

If your institution has single sign-on integrated with QReserve then users are able to authenticate themselves using your institution's authentication platform. A sibling QReserve account is automatically created and populated with the email address provided through your institution's single sign-on platform if available, or, users are asked to provide one upon first logging in.

When users first sign-in through single sign-on, they will have a normal QReserve account without any memberships. At this point, users are able to join sites by searching for them or by being added manually be site administrators.

Pre-Adding Users

Users can be pre-added to your site prior to them signing in via single sign-on by adding the users directly to your site with the normal means (see Adding Users for details). When users are added to your site, they will receive an email prompting them to create a QReserve account and they may then do so either by setting a QReserve password or by logging in via the Sign In With Partner link on the login page.

To make signing in easier for your users, you can provide a link directly to your Single Sign-In login page that bypasses users having to select your institution manually. Please contact your QReserve representative to set this up.

Submitting Single Sign-On Information

Once your account is ready to progress, please use this form to submit your information.