Single Sign-On with Microsoft Entra ID (previously known as Azure Active Directory)

To get started, you will need the qibb IdP URL, which will be used by redirects between qibb’s Sign in Page and your Identity Provider. You can reach out to our Support Team to retrieve the qibb IdP URL.

You will need to register an app in Azure Entra ID with type “Web Application” and using the qibb IdP URL. Follow the official guide of Microsoft.

You can restrict access to qibb for a specific set of users by following this guide.

Create a new Client Secret and note down the secret value. This needs to be shared with our Support Team in next step.

Provide the Application ID, Tenant ID and Client Secret Value of the newly registered app to our Support Team, which will use this data to complete the setup.

Group mapping enables you to determine the specific Qibb permissions that a group of users should receive automatically (such as an assignment to a qibb group), depending on their membership in an Active Directory group.

You will need to configure group attributes in Microsoft Entra for the registered application by following this guide.

Provide a list of the SID (Security Identifier) for each Active Directory group, which shall be mapped to a desired group in qibb, to our Support Team. A set of default groups and patterns are available

Once the group mapping is set up using the SID, members of that specific group will be automatically assigned to the corresponding Qibb group after each login.

If you wish to change or extend the group mapping in future, contact our Support Team with the request to update the configuration.