Please send this information to firstname.lastname@example.org and copy your key account administrators. We will then coordinate the launch date for sandbox and the go-live date for production.
(IdP = identity provider, SP = service provider)
From the member/client for entry into ZenQMS:
- IdP Entity ID
- IdP Certificate file
  - For ADFS: In the ADFS 2.0 MMC snap-in, select the certificates node and double-click the token-signing certificate to view it. Click the 'Details' tab, then 'Copy to File'. Save the certificate in DER format.
- IdP login URL (e.g. https://adfs.phakepharma.com/adfs/ls/)
- The Subject Name ID in the SAML response must be set to the user's email address or the email address must be included as an attribute. If the email address is included as an attribute, we need the name of that attribute.
From ZenQMS for member/client configuration (please confirm if this is what you expect from us):
- SP Entity ID
  - In production, this will be "urn:zenqms:SSO".
  - In the "sandbox" environment, this will be "urn:zenqms:SSOSandbox".
- Assertion Consumer Service (ACS) URL
  - In production, this will be "https://sso.zenqms.com/SAML/AssertionConsumerService".
  - In the "sandbox" environment, this will be "https://sso-sandbox.zenqms.com/SAML/AssertionConsumerService".
- (optional) SP Certificate file
  - We can provide this if SAML requests need to be signed (please confirm if you need requests to be signed).
If you have LDAP configured for e-signatures, we also need the following information:
- Hostname or IP Address
- Port Number
- Authentication Type (e.g. Basic)
- Distinguished Name Pattern for Binding - If the username entered does not provide enough detail for binding to the LDAP server, the DN pattern to use with the username entered (e.g. "uid=<username>,ou=Users,dc=phakepharma,dc=com")
For LDAP queries (to verify that the email address of the credentials supplied matches the email address in our system):
- Search Base DN (e.g. "DC=phakepharma,DC=com", the path from which all user accounts can be queried).
- DN and password of an account authorized to query the user's email address (needed only if users cannot query their own account).
- Query filter for returning only the relevant data containing the user's email address (e.g. "(objectClass=inetOrgPerson)" or "(cn=*)").
- List of username attributes that might be entered by users for authenticating/binding. For Active Directory this is usually "userPrincipalName" and "sAMAccountName". For other LDAP servers, this is often "uid".
- Name of the email address attribute returned by the query (e.g. "mail").
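How the LDAP values requested above fit together, as an added example (not ZenQMS code, and not a statement of how ZenQMS implements the lookup): the entered username is escaped before it is substituted into the DN pattern or the query filter, so characters such as commas or parentheses cannot change the DN or filter structure. The function names, the case-insensitive email comparison and the way the filter is combined with the username attributes are assumptions; the pattern, filter and attribute names are the examples quoted on this page.

```python
# Added illustration, not ZenQMS code; function names are hypothetical.
DN_PATTERN = "uid=<username>,ou=Users,dc=phakepharma,dc=com"  # example pattern from this page
BASE_FILTER = "(objectClass=inetOrgPerson)"                    # example filter from this page
USERNAME_ATTRS = ["userPrincipalName", "sAMAccountName"]       # usual Active Directory attributes
MAIL_ATTR = "mail"                                             # example email attribute name


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch in " #" and i == 0) or (ch == " " and i == len(value) - 1):
            out.append("\\" + ch)  # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside a search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def bind_dn(username: str, pattern: str = DN_PATTERN) -> str:
    """Build the DN to bind with from the pattern and the entered username."""
    return pattern.replace("<username>", escape_dn_value(username))


def email_lookup_filter(username, base_filter=BASE_FILTER, attrs=USERNAME_ATTRS):
    """Restrict the base filter to entries whose username attribute matches."""
    safe = escape_filter_value(username)
    any_attr = "".join(f"({a}={safe})" for a in attrs)
    return f"(&{base_filter}(|{any_attr}))"


def email_matches(entry: dict, expected_email: str, mail_attr: str = MAIL_ATTR) -> bool:
    """Compare the returned email attribute with the address on file (assumed case-insensitive)."""
    values = entry.get(mail_attr, [])
    return any(v.strip().lower() == expected_email.strip().lower() for v in values)
```

Testing your own DN pattern and filter this way before sending them shows whether usernames containing commas, spaces or parentheses will still bind and resolve to exactly one entry.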
If you need to open firewall access to our servers to accommodate LDAP requests, these are the IP addresses we currently use for our environments:
- Production: 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168
- Sandbox and Test: 22.214.171.124
Azure AD/Office 365 SSO Users:
You will need to use the tutorial found here to add it to your account and then send us the metadata URL so we can extract the signing cert and other info we need.