Single Sign-On integrations with QReserve allow your users to authenticate and create or link QReserve accounts automatically. No new password or login credentials required!
QReserve supports single sign-on integrations via SAML2 and Shibboleth. Please contact us to inquire about the steps involved with setting up your institution with Single Sign-On.
Please visit Okta's QReserve Integration page for instructions.
Please visit Microsoft Azure's QReserve Integration page for instructions.
QReserve supports single sign-on using the SAML 2.0 protocol and can interface with both on-site and cloud-based SAML 2.0 authentication platforms such as Google Workplace, Azure AD, and Okta. Typically a persistent ID and, if different, an email address can be released as metadata when creating this integration. When configuring your SSO integration please ensure that the message is signed.
When setting up an SSO integration with QReserve, you will require our metadata and we will require yours. If desired, a pre-production testing environment can be used to test a new integration before going live. Please speak with your account representative to coordinate your new SSO integration.
QReserve supports receiving the following attributes from IDPs. Please ensure the attributes are named by their respective
urn:oid namespace values and not the friendly name because the
urn:oid values are consistent across implementations.
|cn (Common Name)||
QReserve also supports the Shibboleth 2.0 extensions on SAML 2.0 widely adopted by educational institutions around the world. QReserve is a registered Service Provider (SP) through the Canadian Access Federation where you may obtain our Trust Assertion Document (TAD) and also access our Entity Metadata for use in adding QReserve as a trusted service provider at your organization.
QReserve has membership in the following federations:
- CAF Federation
- InCommon Federation
- SWAMID Federation
- UK Access Management Federation
QReserve requires a persistent, unique identifier for each identity in order to
provide integration with a Shibboleth Identity Provider. This identifier is
often available in
eduPersonTargetedID but can vary institution to
institution. Optionally, an email address may also be provided.
If your institution has single sign-on integrated with QReserve then users are able to authenticate themselves using your institution's authentication platform. A sibling QReserve account is automatically created and populated with the email address provided through your institution's single sign-on platform if available, or, users are asked to provide one upon first logging in.
When users first sign-in through single sign-on, they will have a normal QReserve account without any memberships. At this point, users are able to join sites by searching for them or by being added manually be site administrators.
Users can be pre-added to your site prior to them signing in via single sign-on by adding the users directly to your site with the normal means (see Adding Users for details). When users are added to your site, they will receive an email prompting them to create a QReserve account and they may then do so either by setting a QReserve password or by logging in via the Sign In With Partner link on the login page.
To make signing in easier for your users, you can provide a link directly to your Single Sign-In login page that bypasses users having to select your institution manually. Please contact your QReserve representative to set this up.
Once your account is ready to progress, please use this form to submit your information.