SSO Integration
This page covers Single Sign-On (SSO) integration with QLAM for enterprise environments.
Overview
QLAM supports integration with enterprise identity providers (IdPs) through federated authentication. This allows your organization to:
- Use existing corporate credentials to access QLAM
- Enforce your organization's authentication policies (MFA, password requirements, etc.)
- Centrally manage user access through your IdP
- Maintain audit trails in your existing identity infrastructure
SSO integration uses industry-standard protocols (SAML 2.0, OpenID Connect) to connect your identity provider with QLAM's authentication system.
How It Works
- User initiates login - User attempts to authenticate with QLAM
- Redirect to IdP - QLAM redirects the user to your organization's identity provider
- User authenticates - User logs in using corporate credentials (with MFA if configured)
- IdP returns assertion - Your IdP sends an authentication assertion back to QLAM
- QLAM issues tokens - QLAM validates the assertion and issues access/refresh tokens
From the user's perspective, they simply log in with their normal corporate credentials.
Supported Identity Providers
QLAM can integrate with any identity provider that supports standard protocols:
| Provider | Protocol |
|---|---|
| Okta | SAML 2.0, OIDC |
| Microsoft Entra ID (Azure AD) | SAML 2.0, OIDC |
| Google Workspace | SAML 2.0, OIDC |
| PingFederate | SAML 2.0, OIDC |
| Auth0 | SAML 2.0, OIDC |
| OneLogin | SAML 2.0, OIDC |
| ADFS | SAML 2.0 |
Other SAML 2.0 or OIDC-compliant identity providers can also be configured.
Configuration
SSO integration requires coordination between your organization and QuEra. The general process is:
- Contact QuEra - Reach out to your QuEra account team to initiate SSO setup
- Exchange metadata - Provide your IdP metadata; receive QLAM service provider metadata
- Configure your IdP - Set up QLAM as a trusted application in your identity provider
- Configure attribute mapping - Map user attributes (email, name, groups) to QLAM claims
- Test integration - Validate the SSO flow in a test environment
- Enable for users - Roll out SSO access to your team
Enterprise Feature
SSO integration is available for enterprise deployments. Contact your QuEra account team to discuss your requirements.
User Experience
Once SSO is configured, users authenticate using the same OAuth2 flows (Authorization Code, Device Code) but are redirected to your corporate login page instead of the default QLAM login.
QLAM Shell and other clients work seamlessly with SSO—no client-side configuration changes are needed.
Next Steps
- Authentication Guide - Choose the right auth method for your use case
- Authentication Reference - Technical details for each flow