Connecting Google Workspace and Q.wiki (SAML)

Modified on Thu, 2 Apr at 4:21 PM

This guide is intended for IT professionals and will help you integrate Q.wiki with Google Workspace independently.

Important: We strongly recommend using SCIM and OIDC for user provisioning and single sign-on. SCIM provisions all selected users "just in case" and allows you to assign content and permissions to users in Q.wiki before they sign in for the first time. This is not possible with SAML and "just in time" provisioning.
Prerequisite: You need Key User permissions to perform the following steps.

Limitations

When integrating Google Workspace, existing Q.wiki users with a matching email address are automatically migrated. Migrated users will be updated with data from Google Workspace and managed through this system from that point on.

Migrated users must sign in using the Enterprise login button. Sign-in with username and password is no longer possible.

Set up an emergency account

If authentication via Google is not possible, sign-in is only available through user accounts created manually in Q.wiki. For this reason, we recommend adding a manually managed account to the KeyUserGroup. This account must have a valid email address and must not be provisioned via Google – a generic email address like "service@" or "it-support@" works well.

Integrate SAML – Provision and authenticate users and groups

To set up SAML provisioning and authentication, we recommend the Google guide (external).

Configure provisioning

With SAML authentication configured, "just in time" provisioning is active. User accounts are automatically created in Q.wiki when they sign in for the first time. You can disable automatic provisioning in User Management > 3-dot menu > Provisioning:

Disable provisioning in the 3-dot menu of user management

Set up SAML configuration

Go to User Management > 3-dot menu > Connect Identity Provider (IdP) and open the SAML configuration:

SAML configuration in user management

Important fields

ACS URL (Assertion Consumer Service): Required in the IdP configuration.

Entity ID: Must match the IdP configuration. A proven value is the public endpoint for the SAML metadata of your system: https://YOURDOMAIN.qwikinow.de/saml/sp/metadata

Name ID: Expected with the attribute name "email" (standard). Depending on your IdP, custom mapping may be required. The Name ID format is not prescribed.
