Server administrator - Windows single sign-on (SSO)
Single sign-on allows users to gain access to memoQ server by simply logging on to Windows. If these settings are turned on, the users do not need to log on to memoQ server separately when checking out online projects or accessing published resources.
Using these settings, you can connect memoQ server to the user database of your Windows system. Once the connection is set up, new users in specific Windows groups are automatically granted access to memoQ server. There is no need to add the same users to the user database of memoQ through the User management pane of Server Administrator.
Most of the time, memoQ server will be connected to a Windows domain of your organization, but it can also use the local security database of the Windows server where memoQ server is running.
There is a newer alternative in memoQ: Companies that are changing their single sign-on system from Windows AD to a new, OIDC-based system (for example, Azure AD or Okta) can also use their new solution to sign in to memoQ server. These systems offer more secure login and multi-factor authentication.
Requires memoQ project manager: You need the project manager edition of memoQ to manage a memoQ server or a memoQ cloud.
You need to be an administrator: You may manage the server only if you are a member of the Administrators group on the memoQ server.
memoQ server service account must be a domain user: The memoQ server service account must be a user in the Windows domain, and it must be a member of the Domain users group. Normally, the memoQ server service runs in the name of a so-called virtual service user. However, memoQ server itself must access the Windows domain if it needs to accept users from that same domain. You may need to change the service user of memoQ server. You can do this in the Services program of Windows, or in the memoQ server deployment tool, while installing memoQ server. For more information, see the Help for the memoQ server deployment tool.
How to get here
- At the very top of the memoQ window, in the Quick Access toolbar, click the Server Administrator (cogwheel in a cloud) icon. The Server Administrator window opens, with the Connection pane.
Or: On the Project ribbon, click Server Administrator.
- Type or choose the address of the memoQ server, and click the Select button.
You may need to log in to the memoQ server: If you have not used the server before, the Log in to server window opens. Type your user name and password for that server, and click OK.
- Under Category, click Windows single sign-on. The Windows single sign-on pane appears.
What can you do?
- Check the Enable single sign-on check box. This will enable all the other settings in the Windows single sign-on pane.
- Check the Use Active Directory through the current domain check box. Before you do that, check with your IT specialists if the memoQ server computer is a member of a Windows domain of your organization.
Do not use the local security database: It is not recommended to connect memoQ server to the local security database of the memoQ server computer. It is less secure and there will not be sufficient control over the access to your server.
- Under Single sign-on sync groups, you need to choose the domain groups that you will synchronize with memoQ server. memoQ server will allow access to user accounts that are members of the groups listed there.
- Under the list, click Add to add a group to the list. The Add single sign-on sync group window opens. Choose one or more groups from the Windows domain of your organization. If the organization has two or more Windows domains, you can choose from the other domains, too, if the memoQ server computer has access to those. To find out more, consult your IT specialists.
To remove a group: On the list, select the group. Click Remove. A domain user will lose access to the memoQ server if they are no longer members of any of the groups listed under Single sign-on sync groups.
Group members will not gain access immediately: After you add a group to the list, memoQ server will not synchronize the user accounts immediately. Normally, this happens once a day, at the time set in the Synchronize every day at box.
To synchronize the user accounts immediately: Click Save. Then click the Synchronize now link.
To get notified if synchronization fails: Enter an e-mail address in the E-mail address to notify when synchronization fails box. Whenever there is an error synchronizing domain users, an e-mail will be sent to this address.
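Because every account in a sync group is granted access at the next synchronization, it helps to review the effective membership before adding a group. The script below is an added example, not part of the memoQ documentation: it uses the ActiveDirectory PowerShell module, the group names are placeholders, and the 90-day staleness threshold is an assumption. This page does not say whether memoQ server follows nested groups, so the recursive listing shows the upper bound of accounts that could be synchronized.

```powershell
#requires -Modules ActiveDirectory
# Added example: list the accounts that would gain memoQ server access
# through the single sign-on sync groups. Group names are placeholders.

function Get-SsoSyncGroupReview {
    param(
        [Parameter(Mandatory)][string[]]$GroupName,
        [int]$StaleDays = 90   # assumed threshold for "stale" accounts
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)
    foreach ($name in $GroupName) {
        # Direct user members, used to tell direct from nested membership
        $direct = Get-ADGroupMember -Identity $name |
            Where-Object objectClass -eq 'user' |
            Select-Object -ExpandProperty distinguishedName

        # -Recursive flattens nested groups into their user members
        Get-ADGroupMember -Identity $name -Recursive |
            Where-Object objectClass -eq 'user' |
            ForEach-Object {
                $u = Get-ADUser -Identity $_.distinguishedName `
                        -Properties Enabled, LastLogonDate
                [pscustomobject]@{
                    SyncGroup  = $name
                    Account    = $u.SamAccountName
                    Enabled    = $u.Enabled
                    ViaNesting = $direct -notcontains $u.DistinguishedName
                    LastLogon  = $u.LastLogonDate
                    Stale      = ($null -eq $u.LastLogonDate) -or
                                 ($u.LastLogonDate -lt $cutoff)
                }
            }
    }
}

# Placeholder names; replace with the groups you plan to list in the pane.
Get-SsoSyncGroupReview -GroupName 'memoQ-Translators', 'memoQ-PMs' |
    Sort-Object SyncGroup, Account |
    Format-Table -AutoSize
```

Rows with Enabled set to False, Stale set to True, or ViaNesting set to True are the ones to question before the group goes on the list.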
On the memoQ server computer, the actual memoQ server program runs in the name of a user on that computer.
This user may or may not have proper access to the Windows domain of your organization. If it does not, you can tell memoQ server to log on to the domain as another user when it gets the user accounts for single sign-on. You can do this only if the memoQ server has not been connected to any Windows domains yet.
To do this:
- Check the Use impersonation check box.
- Fill in the Domain, User name, and Password boxes. These must identify a user from the Windows domain. This user must have access to the user and group information from the Windows domain and any connected domains.
Using QTerm or memoQweb on the server? If users need to access the memoQ server through a web browser (when it has QTerm and/or memoQWeb (legacy) installed), check the Allow forms-based authentication for Windows users check box.
When you finish
To return to memoQ: Click Close.
Or, choose another category to manage:
- Connection (choose this to manage a different server)
- User management
- Server connections
- Group management
- Language Terminal
- Windows single sign-on
- Default server resources
- CAL licenses
- ELM licenses
- Configuration and logging
- Web service interface
- Corpus indexing
- Omniscien Technologies
- Archiving
- Performance counters
- Storage
- Background tasks
- Broadcast message
- Discussions
- Spelling in memoQWeb
- Weighted counts
- Audit log for TMs
- Customer Portal
- CMS connections