M309 FEDERATION
Last updated Oct 03, 2016

Enable Login Function using External Authentication service (OpenID)

If identification information (for authentication purposes) can be shared between systems, Users no longer need to authenticate to each system separately and are freed from the trouble of managing multiple passwords. Questetra allows Users who have been authenticated in "G Suite" (formerly Google Apps), the Cloud-based office suite, to log into Questetra without a password.

a. OpenID Connect
Specified by the “OpenID Foundation”, which promotes the development of safe websites and mobile profiles. (REST)
b. SAML
Specified by “OASIS”, an organization which promotes business standards. (XML-based data exchange)
  • Systems which manage user identities and perform identification (authentication) are collectively referred to as “Id Provider (IdP)”
  • Systems which provide any service to authenticated users are collectively referred to as “Service Provider (SP)”
  • The BPM system (Questetra) acts as an SP. (It cannot be used as an IdP.)
  • The email address is used as the user identification (ID/identifier) when exchanging authentication information
  • For the authentication method (e.g. multi-factor authentication), refer to the instructions of the respective authentication service
1. Enable API access
Enable the API access that is used for “OpenID Connect” data exchange
  • The only “OpenID Connect IdP” that Questetra can federate with is “G Suite”. (as of Jan. 2016)
  • OpenID Connect is also referred to as “OAuth 2.0 for Login” or “OAuth and OpenID Connect”
  • In G Suite, enable access to the Administrative APIs. (Administrator Privilege is required)
  • (Due to a specification change in Google Apps, “OpenID 2.0” has not been available since May 2014.)
1. Set up Domain
Enter your domain in the [G Suite Connectivity] setting menu (e.g. example.com)
2. Run a Login Test
Go to Questetra’s login page and confirm that you can log in with G Suite
R3090 Various Collaboration with G Suite
  • The various features that integrate with G Suite are available at the same time
1. Disable Login with Password
Check [Disable Password Authentication] if you want to do so
2. Confirm the Login Page
Confirm that Password Login is hidden
  • Users cannot log in with the ID and password that are configured in Questetra
  • However, Users with [System Administrator Authorization] can still log in with their ID and password. (e.g. in case of a fault on the IdP side)
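
The following added example (not Questetra's code) sketches the checks an SP could apply when the email address is the federated identifier, the G Suite domain is configured, and password login is disabled for everyone except system administrators. It assumes the ID token's signature was already verified by an OpenID Connect library; the function names, client ID and user directory are hypothetical, and the sample claims are constructed.

```python
import time

# Issuer values Google uses in ID tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

def check_federated_login(claims, domain, client_id, directory, now=None):
    """Map signature-verified ID token claims to (user, None) or (None, reason)."""
    now = time.time() if now is None else now
    domain = domain.lower()
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return None, "unexpected issuer"
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        return None, "token issued to another client"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None, "token expired"
    email = claims.get("email")
    if not isinstance(email, str) or claims.get("email_verified") is not True:
        return None, "email missing or unverified"
    email = email.strip().lower()
    hd = claims.get("hd")  # hosted-domain claim set for G Suite accounts
    if not isinstance(hd, str) or hd.lower() != domain:
        return None, "account outside configured domain"
    if email.rpartition("@")[2] != domain:
        return None, "email outside configured domain"
    user = directory.get(email)
    return (user, None) if user else (None, "no matching local user")

def password_login_allowed(user, password_auth_disabled):
    """Once password login is disabled, only system administrators keep it."""
    return not password_auth_disabled or bool(user.get("system_admin"))

# Constructed sample data (all values hypothetical).
CLIENT_ID = "sample-client-id.apps.example"
DIRECTORY = {
    "alice@example.com": {"name": "alice", "system_admin": False},
    "root@example.com": {"name": "root", "system_admin": True},
}
SAMPLE_CLAIMS = {
    "iss": "https://accounts.google.com", "aud": CLIENT_ID,
    "exp": 1475500000, "email": "Alice@example.com",
    "email_verified": True, "hd": "example.com",
}

if __name__ == "__main__":
    print(check_federated_login(SAMPLE_CLAIMS, "example.com", CLIENT_ID, DIRECTORY, now=1475490000))
```

Checking both the `hd` claim and the email's domain keeps a personal Google account with a look-alike address from being mapped onto a local user.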