Single Sign-On (SSO) & Security Settings

1.	Quickbase Single Sign-On (SSO) and SAML
2.	Password, Sign-in, and Security Policies
3.	Who can create apps and integrations
4.	Manage Pipelines channels

---

1. Quickbase Single Sign-On (SSO) and SAML

Business and Enterprise Plans

Single Sign-On allows users to access multiple systems and websites with a single set of user credentials (like a username and password), making it easier for them to log in. For organizations and IT teams, SSO can give them the ability to centralize how they manage users by connecting to a central Identify Provider (IdP) like Okta, OneLogin, Microsoft, Duo, and many others. This allows them to control users’ access to multiple systems, including Quickbase, in one place and streamline user management.  

Many Quickbase customers use our SAML authentication feature.  Security Assertion Markup Language, or SAML, is a standardized way to tell external applications and services, such as Quickbase, that a user is who they say they are.  SAML makes single sign-on (SSO) technology possible by providing a way to authenticate a user once and then communicate that authentication to multiple applications.  

Your realm administrator can enable user authentication to a Quickbase realm using SAML. Additionally, you can use SAML authentication to give approval status to any user in your realm, making it easier to manage access. When a user authenticates through SAML, signing in to Quickbase is typically handled through your corporate sign-in process but this set up does require some configuration. 

SAML authentication process 

The basic steps to set up SAML authentication to Quickbase are: 

• Configure an Identity Provider (IdP)
  (Your IT team might already have one)

• Configure SAML within Quickbase, or if you need help with implementation contact Quickbase Technical Support or the team helping you with your onboarding.

SAML, SSO, and realms 

Only one SAML configuration is possible with a single Quickbase realm.  There are three configuration options you can use in a Quickbase realm: 

• No SSO - All users gain access via Quickbase authentication

• All SSO - All users go through a single SSO configuration

• Some SSO - Some users authenticate through the SSO configuration, while some specific users are allowed to use Quickbase authentication instead

SAML Resources 

• SAML Authentication Overview Help Doc
• Configuring SAML Authentication

---

2. Password and Sign-in Policies  

On Business and Enterprise plans 

While your account may not decide to make use of SSO and SAML to control user access, you may still want to set up a password policy for your account. This allows you to set a standard for the minimum length of your password, when it needs to be reset, and other sign-in policy settings. You may also decide you want to leave it to the defaults that Quickbase uses and can change these policies at a later time if needed.  

How to set your realm's password, sign-in and security policies 

You will need to be a realm admin to access your accounts Policies tab 

To find these settings you will want to head to your Admin Console. You can use one of the following options to access your Admin Console: 

1. Select Admin Console from the global navigation menu
2. In the Account Admin section on the My Apps page, click Manage my account. 
3. From the My Apps page, click Quickbase Admin, then Manage my realm 

• If you aren’t a realm admin as well as an account admin, the drop down under Quickbase Admin reads Manage my account. It takes you to the admin console but may not let you access the Policies tab

Once you are on your Account Summary page you would then click the Policies tab. *If you do not see this tab, you may not be a realm admin on your account 

Many of the settings on your policies page help you align Quickbase to your own organization's security policies.

Tip: When in doubt on how they should be set up, we recommend connecting with your IT team to help you set up a plan for how Quickbase should be configured.  

In the Policies tab you will find options to set up: 

• Password Policies – Setting a minimum password length, when your passwords expire, when you allow a password to be repeated, and more.  
• Sign-in Policies - Setting session limits, limit sign-in retries, and requiring 2-step authentication.  
• IP Policies - Whether you would like to apply any IP restrictions to your realm 
• Security Policies – Settings to prevent external redirects, block embedding in iframes, restrict adding new users to your account to only realm admins, and more. 
• • Learn more about the full security policy options here

---

3. Who can create apps and integrations 

To configure who can create apps and integrations on your account you will want to head to your Admin Console, specifically your Permissions tab. You can use one of the following options to access your Account Console: 

1. Select Admin Console from the global navigation menu. 

1. In the Account Admin section on the My Apps page, click Manage my account. 
1. From the My Apps page, click Quickbase Admin, then Manage my account 
• • If you are a realm admin as well as an account admin, the drop down under Quickbase Admin reads Manage the realm.  
• Select the Permissions tab from the menu 

You may already be familiar with your Permissions tab as the place you can set up who has admin access to your account. This is also where you can set up several default permissions for the users on your account. Specifically, we are going to talk about how you can control who is able to create a new app or access Pipelines in your account. Many accounts are set to allow all users to create apps and access Pipelines, but you can also set it to only specific users are able to create apps or access Pipelines using the options shown below.

If you chose to only allow specific users to have these permissions, you would want to add them to the Permitted Users and Groups table at the bottom of the Permissions page.  

• If you don't see the person you are looking for, you can click the Add user, group, or email domain group button and, in the User Picker that appears select the users or groups that need to be added to the list.  

Once you find the user(s) you would like to edit, you can set whether they can Create Apps using the Create app column on the report and if they can access Pipelines with the Build pipelines column. When you make changes to their permissions, they are saved immediately.

Tip: We do recommend that accounts have at least 3 users with create permissions to help share the work of creating new apps for your account and cover for vacations or future transitions and that you have at least two users who can access Pipelines for the same reasons.

4. Pipelines channels available

On Enterprise plans

Quickbase Pipelines allows app builders to build integrations to other popular cloud-based software tools and automate important tasks in Quickbase. Sometimes, admins choose to restrict which channels, a specific pre-built integration, their account can use to help ensure proper compliance with your data governance policies and prevent data leakage. 

Role needed: account admin or realm admin 

To view a list of all available channels: 

1. In our waffle menu in the upper left-hand corner of the screen when you are signed into Quickbase, select Pipelines.
2. Select Channels - this opens a list of all available channels. 

To manage which channels are available in Pipelines from the Admin Console: 

1. On the My Apps page, select Quickbase Admin in the upper right, and then select Manage the realm or Manage the Account, as your case may be. This opens the Admin Console. 
2. In the Admin Console, select the Pipelines tab from the menu. 
3. From the Pipelines section of the Admin Console, the realm or account admin can turn access to channels on or off. 

Note: If a channel is turned off, any pipeline using that channel has a limited time to complete before being canceled and blocked in the future. 

---