Skip to main content

User management overview

Qmatic Experience Cloud uses SAML (Security Assertion Markup Language) for authentication and authorization of users. SAML is an open standard for exchanging authentication and authorization data between an an identity provider and a service provider. This means that all users are managed in an external identity provider such as Microsoft Entra ID, and no users are added directly in the Qmatic system.

Users, roles and access modules

All users need to be assigned to one or several roles to be able to use the system. The following applies to the relationships between the users, roles, access modules:

  • Users in the identity provider are assigned one or more roles by being added to an auth group that is mapped to one or several roles.

  • A role consists of one or more access modules.

  • An access module targets a specific functional area in the Qmatic system.

user_management_roles_modules.png

SAML setup overview

On a high level, the authentication and authorization of users are set up like this:

  1. Configure trust between identity provider (e.g. Microsoft Entra ID) and service provider (Qmatic system).

  2. Create user groups for roles, branches and services in the identity provider.

  3. Map the groups to roles, branches and services in the Qmatic system.

Supported identity providers

Qmatic Experience Cloud supports all identity providers that use the SAML protocol.

In this section: