Federated Identity Authentication Information and Requirements

Benefits of using Federated Identity for authentication and/or authorization:

QLess supports a number of different types of external authentication and authorization services. Authentication allows an organization to specify which employees can log in to the QLess system using specific usernames and passwords. Authorization describes which QLess services an employee is permitted to provide to your clients or customers.

If your organization is already using a consolidated authentication and/or authorization repository, such as LDAP or Active Directory, QLess can integrate with these services to provide a seamless login process for your employees. For example, your existing authentication server can be used as a central directory, allowing your organization to easily add, update, or remove employees using your own business processes, rather than having to go through the QLess Command Center or QLess Support. This has the added benefit of allowing your employees to log in to QLess with the same username and password they use throughout your organization.

QLess also provides support for Single Sign-On, or SSO. This is a new feature which can be configured for your organization on a case-by-case basis. Depending on your setup and existing infrastructure, custom software development charges may apply.

Requirements:

  • A supported Federated Identity server, hosted externally by either your organization or a third-party company. This includes, but is not necessarily limited to: LDAP, Active Directory (AD), Active Directory Federation Services (ADFS), and other SAML, OAuth, or OpenID-based services. Note that while all service types support authentication services, not all support authorization services.
  • Access to your repository must be made available to QLess Support. This includes the host/URL and port number of your server. A service account may also need to be made available to QLess. This is usually a new account created specifically for QLess that has the ability to search your servers for your employees' information at login time.
  • If your organization would like to take advantage of the authorization features of Federated Identity, you may need to work with QLess Support to generate a mapping between the QLess user roles and your organization's own authorization structure.  This mapping would dictate how your roles should be mapped to QLess' own internal roles system.  The following is a comprehensive list of QLess roles currently available.  Note that roles can be set at either the location or the queue level, unless otherwise specified:
    • Ticket Taker: This employee can mark summoned customers as arrived.
    • Host: This employee can perform operations on behalf of a user (adding them to a queue, removing them from a queue, pushing back).
    • Resource Admin: This employee can summon customers from a queue.
    • Queue Admin: This employee can activate and deactivate queues.
    • Pass Seller: This employee can view reporting data.
    • Report Viewer (location level only): This employee can sell passes to your customers, if available for your configuration.
    • ENS Broadcaster (location level only): This employee can send messages through the Emergency Notification System, if available for your configuration.
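
The role mapping described above can be checked before it is put into use. The following is an added example, not QLess code or a QLess file format: it validates a hypothetical mapping from directory groups to the roles listed above, rejects a location-only role assigned at queue level, and grants nothing for groups that are not mapped. The group DNs, the location and queue names, and the `Grant`, `validate_mapping` and `resolve_grants` names are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Role names and the location-only restriction come from the list above.
LOCATION_ONLY = {"Report Viewer", "ENS Broadcaster"}
QLESS_ROLES = LOCATION_ONLY | {
    "Ticket Taker", "Host", "Resource Admin", "Queue Admin", "Pass Seller"}
SCOPES = {"location", "queue"}

@dataclass(frozen=True)
class Grant:
    role: str    # one of QLESS_ROLES
    scope: str   # "location" or "queue"
    target: str  # hypothetical location or queue name

# Constructed sample mapping: directory group DN -> QLess grants.
GROUP_MAP = {
    "CN=FrontDesk,OU=Groups,DC=example,DC=org": [
        Grant("Host", "location", "main-office"),
        Grant("Ticket Taker", "queue", "permits")],
    "CN=Managers,OU=Groups,DC=example,DC=org": [
        Grant("Queue Admin", "location", "main-office"),
        Grant("Report Viewer", "location", "main-office")],
}

def validate_mapping(mapping):
    """Return a list of problems; an empty list means the mapping is usable."""
    problems = []
    for group, grants in mapping.items():
        for g in grants:
            if g.role not in QLESS_ROLES:
                problems.append(f"{group}: unknown role {g.role!r}")
            elif g.scope not in SCOPES:
                problems.append(f"{group}: unknown scope {g.scope!r}")
            elif g.scope == "queue" and g.role in LOCATION_ONLY:
                problems.append(f"{group}: {g.role} is location level only")
    return problems

def resolve_grants(member_of, mapping):
    """Map a user's group DNs to grants. Unmapped groups grant nothing."""
    problems = validate_mapping(mapping)
    if problems:
        raise ValueError("; ".join(problems))  # refuse to use a bad mapping
    # Simplified DN normalization: trim and lowercase before lookup.
    index = {dn.strip().lower(): grants for dn, grants in mapping.items()}
    granted = set()
    for dn in member_of:
        granted.update(index.get(dn.strip().lower(), ()))
    return granted
```

Running `validate_mapping` whenever the mapping changes catches a scope mistake before any employee logs in with it.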