
Identity management: SSO + user provisioning in LogiqcQMS for Azure AD

This article provides background information required to plan the implementation of Single Sign On (SSO) and user provisioning. It also contains a link to the SSO configuration manual.

Single Sign On (SSO) with User provisioning is an add-on available for purchase. It is only available for organisations that use Azure Active Directory for identity management.

Contact us if you are interested in learning more about this product.


Background information on the SSO implementation process

To implement SSO and provision your Logiqc users, your IT Admin will create a Logiqc Enterprise application in your organisation's AAD. They will connect this application to your Logiqc platform. User accounts added to the enterprise application will be provisioned into the platform. Once they are provisioned, users will authenticate into the platform via their AAD user account.

Implementing SSO and provisioning your users does not require any system down time.  You can schedule the implementation at a time that suits your organisation.

The configuration steps are set out in the configuration manual which you can download via the link at the bottom of this article.

Once you have implemented SSO, you will no longer need to manually create user accounts in the Logiqc platform.  New user accounts will be provisioned into the platform via the Enterprise application.  A Logiqc administrator will activate newly provisioned accounts and set them up with their appropriate access.


Pre implementation steps

The following are recommended steps you should take prior to implementing SSO and User provisioning.

  1. Create an external administrator account for the person (IT Admin) who is responsible for managing your Azure Active Directory (AAD) and provide them with the SSO configuration manual.
    1. The external admin account requires the following permissions:
      • Edit System settings
      • Edit API keys
      Click on the following link for instructions:  
      Setting up an account for external administrators and auditors
  2. Provide a list of users from your organisation who require access to the Logiqc platform to the IT Administrator.
    Note: Ensure your IT admin only provisions these user accounts and not other AAD objects such as fax machines, printers etc.  Accounts added into Logiqc cannot be deleted.
  3. Provisioning existing Logiqc user accounts:
    1. Check all current Logiqc user accounts to ensure each account has a valid and unique email address.
    2. Ensure no users are sharing the same email address – e.g., reception@, admin@.
    3. Ensure users' email addresses in their Logiqc user accounts are an exact match to their AAD email address.
    4. Clean up your user account list by deactivating any old user accounts you won’t be provisioning.
  4. Provisioning new Logiqc user accounts:

    There is no need for you to manually create new user accounts in the Logiqc platform before implementing SSO. The process of adding new users will be handled by your IT admin through the user provisioning process covered in the SSO configuration manual.
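
One way to run the email checks from step 3 before provisioning, as an added example (not Logiqc's or Microsoft's code). It assumes both user lists are available as CSV text with the hypothetical column names shown, uses constructed sample data, and only checks accounts whose status is "active".

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample data; the column names are assumptions, not a Logiqc or AAD export format.
LOGIQC_CSV = """username,email,status
jsmith,j.smith@example.org,active
reception1,reception@example.org,active
reception2,reception@example.org,active
mlee,M.Lee@example.org,active
oldtemp,,active
pkaur,p.kaur@example.org,inactive
"""
AAD_CSV = """displayName,mail
John Smith,j.smith@example.org
Mei Lee,m.lee@example.org
Priya Kaur,p.kaur@example.org
"""
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # basic shape check only


def audit_accounts(logiqc_csv, aad_csv):
    """Flag accounts that would break or confuse matching against AAD."""
    aad = {r["mail"].strip() for r in csv.DictReader(io.StringIO(aad_csv)) if r["mail"]}
    aad_folded = {m.casefold(): m for m in aad}
    report = {"invalid": [], "shared": {}, "case_mismatch": [], "not_in_aad": []}
    by_email = defaultdict(list)
    for row in csv.DictReader(io.StringIO(logiqc_csv)):
        if row["status"] != "active":
            continue  # already deactivated, will not be provisioned
        user, email = row["username"], row["email"].strip()
        if not EMAIL_RE.match(email):
            report["invalid"].append(user)  # missing or malformed address
            continue
        by_email[email.casefold()].append(user)
        if email in aad:
            continue  # exact match, nothing to fix
        if email.casefold() in aad_folded:
            # Same address apart from letter case: not an exact match.
            report["case_mismatch"].append((user, email, aad_folded[email.casefold()]))
        else:
            report["not_in_aad"].append(user)  # correct the address or deactivate
    report["shared"] = {e: u for e, u in by_email.items() if len(u) > 1}
    return report


if __name__ == "__main__":
    for check, findings in audit_accounts(LOGIQC_CSV, AAD_CSV).items():
        print(check, findings)
```

Accounts listed under `not_in_aad` are the ones to either correct or deactivate in step 3.4; an empty report means every active account has a unique address that matches AAD exactly.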

Post implementation of SSO

Below is information you will need to be familiar with once SSO has been implemented.

  • New Logiqc user accounts – When new user accounts are provisioned into the Logiqc platform, they will be inactive. Click on this link for instructions regarding activating provisioned user accounts. 
  • Existing Logiqc user accounts – After provisioning existing user accounts, these users will be able to authenticate themselves by using their AAD user account when accessing the Logiqc platform. This means they no longer need to log into the platform using a local Logiqc username and password.
  • Adding new users once SSO has been implemented – To add new users to your platform, your IT Admin will add their AAD account to the Logiqc Enterprise application in AAD. Once provisioned, the account will have an inactive status in the Logiqc platform and will be marked as 'Awaiting activation'. The account is now ready to be activated.  Click on this link for instructions regarding activating provisioned user accounts. 
  • Removing users once SSO has been implemented – Your IT Admin will remove your user from the Logiqc Enterprise application in AAD. This will deactivate their Logiqc user account preventing access to the platform.
  • External user access post SSO implementation – For external users such as auditors or network administrators who won’t have access to Logiqc via SSO, local accounts can be added using the external user licence. Once these accounts have been set up, the user must access Logiqc locally. To log into the platform locally, add "/login" to the end of your Logiqc URL, e.g. https://YOUR_URL.logiqc.com.au/login. This will take the user to the Logiqc login screen, where they will log in using the Logiqc username and password that has been provided.

SSO and User provisioning manual

Click on the image below to download the SSO and User provisioning manual. 

Reminder: SSO is a paid add-on and must be configured in your platform before you will be able to implement this feature.


doc_674 v6 (Last updated 12/02/2024)