Single Sign-On integrations with QReserve create new user accounts on an ad-hoc basis or allow you to pre-register user accounts within your site.
Setting Up Single Sign-On
QReserve supports single sign-on integrations via SAML2 and Shibboleth. Please contact us to inquire about the steps involved with setting up your institution with Single Sign-On.
QReserve supports single sign-on using the SAML 2.0 protocol and can interface with both on-site and cloud based SAML 2.0 authentication platforms including Google's GSuite. Typically a persistent ID and, if different, an email address can be released as metadata when creating this integration.
QReserve also supports the Shibboleth 2.0 extensions on SAML 2.0 widely adopted by educational institutions around the world. QReserve is a registered Service Provider (SP) through the Canadian Access Federation where you may obtain our Trust Assertion Document (TAD) and also access our Entity Metadata for use in adding QReserve as a trusted service provider at your organization.
QReserve has membership in the following federations:
- CAF Federation
- InCommon Federation
- SWAMID Federation
- UK Access Management Federation
QReserve requires a persistent, unique identifier for each identity in order to
provide integration with a Shibboleth Identity Provider. This identifier is
often available in
eduPersonTargetedID but can vary institution to
institution. Optionally, an email address may also be provided.
Mangaging Single Sign-On Users
If your institution has single sign-on integrated with QReserve then users are able to authenticate themselves using your institution's authentication platform. A sibling QReserve account is automatically created and populated with the email address provided through your institution's single sign-on platform if available, or, users are asked to provide one upon first logging in.
When users first sign-in through single sign-on, they will have a normal QReserve account without any memberships. At this point, users are able to join sites by searching for them or by being added manually be site administrators.
Users can be pre-added to your site prior to them signing in via single sign-on by adding the users directly to your site with the normal means (see Adding Users for details). When users are added to your site, they will receive an email prompting them to create a QReserve account and they may then do so either by setting a QReserve password or by logging in via the Sign In With Partner link on the login page.
Providing a Quick Sign-In Link
To make signing in easier for your users, you can provide a link directly to your Single Sign-In login page that bypasses users having to select your institution manually. The link will be in the format of:
https://my.qreserve.com/login?idp_entity_name=*YOUR ENTITY ID*
Please contact your QReserve representative to confirm what your entity ID is.