Server Administrator - Windows single sign-on (SSO)
Single sign-on allows users to gain access to memoQ TMS by simply logging on to Windows. If these settings are turned on, the users do not need to log on to memoQ TMS separately when checking out online projects or accessing published resources.
Using these settings, you can connect memoQ TMS to the user database of your Windows system. Once the connection is set up, new users in specific Windows groups are automatically granted access to memoQ TMS. There is no need to add the same users to the user database of memoQ through the User management pane of Server Administrator.
Most of the time, memoQ TMS will be connected to a Windows domain of your organization, but it can also use the local security database of the Windows server where memoQ TMS is running.
There is a newer alternative in memoQ: Companies that are changing their single sign-on system from Windows AD to a new, OIDC-based system (for example, Azure AD or Okta) can also use their new solution to sign in to memoQ TMS. These systems offer more secure login and multi-factor authentication.
Managing memoQ TMS or memoQ TMS cloud: To do this, you need to be a member of the Administrators group on the memoQ TMS or memoQ TMS cloud, and have the project manager edition of memoQ.
memoQ TMS service account must be a domain user: The memoQ TMS service account must be a user in the Windows domain, and it must be a member of the Domain users group. Normally, the memoQ TMS service runs in the name of a so-called virtual service user. However, memoQ TMS itself must access the Windows domain if it needs to accept users from that same domain. You may need to change the service user of memoQ TMS. You can do this in the Services program of Windows, or in the memoQ TMS deployment tool, while installing memoQ TMS. For more information, see the Help for the memoQ TMS deployment tool.
How to get here
- At the very top of the memoQ window, click the Server Administrator icon. You can also find this icon on the Project ribbon.
- The Server Administrator window opens, showing the Connection pane.
- Type or choose the address of the memoQ TMS, and click the Select button.
You may need to log in: If you access this server for the first time, the Log in to server window opens. You need a user name and a password to access the server.
- Under Category, click Windows single sign-on. The Windows single sign-on pane appears.
What can you do?
- Check the Enable single sign-on check box. This will enable all the other settings in the Windows single sign-on pane.
- Check the Use Active Directory through the current domain check box. Before you do that, check with your IT specialists whether the memoQ TMS computer is a member of a Windows domain of your organization.
Do not use the local security database: It is not recommended to connect memoQ TMS to the local security database of the memoQ TMS computer. It is less secure and there will not be sufficient control over the access to your server.
- Under Single sign-on sync groups, you need to choose the domain groups that you will synchronize with memoQ TMS. memoQ TMS will allow access to user accounts that are members of the groups listed there.
- Under the list, click Add to add a group to the list. The Add single sign-on sync group window opens. Choose one or more groups from the Windows domain of your organization. If the organization has two or more Windows domains, you can choose from the other domains, too, if the memoQ TMS computer has access to them. To find out more, consult your IT specialists.
To remove a group: On the list, select the group. Click Remove. A domain user will lose access to the memoQ TMS if they are no longer members of any of the groups listed under Single sign-on sync groups.
Group members will not gain access immediately: After you add a group to the list, memoQ TMS will not synchronize the user accounts immediately. Normally, this happens once a day, at the time set in the Synchronize every day at box.
To synchronize the user accounts immediately: Click Save. Then click the Synchronize now link.
To get notified if synchronization fails: Enter an e-mail address in the E-mail address to notify when synchronization fails box. Whenever there is an error synchronizing domain users, an e-mail will be sent to this address.
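Because every account in a sync group is granted access, it helps to review a group's effective membership before you add it. The PowerShell sketch below is an added example, not part of memoQ or its documentation: the group names and the output path are placeholders, it needs the ActiveDirectory module (RSAT), and it queries the current domain only. The page does not say whether memoQ TMS follows nested group membership, so the script marks nested members separately.

```powershell
# Added example: list the users a candidate sync group would let into memoQ TMS.
# Group names and the CSV path are placeholders; replace them with your own.
Import-Module ActiveDirectory

$candidateGroups = @('memoQ-Translators', 'memoQ-ProjectManagers')  # hypothetical names

function Get-SyncGroupReview {
    param([Parameter(Mandatory)][string[]]$GroupName)

    foreach ($name in $GroupName) {
        $group = Get-ADGroup -Identity $name

        # SIDs of users that are direct members of the group
        $directSids = @(Get-ADGroupMember -Identity $group |
            Where-Object objectClass -eq 'user' |
            ForEach-Object { $_.SID.Value })

        # All users reachable through nested groups as well
        $allUsers = Get-ADGroupMember -Identity $group -Recursive |
            Where-Object objectClass -eq 'user'

        foreach ($member in $allUsers) {
            # Members from other domains need -Server; this sketch skips them with a warning
            try {
                $user = Get-ADUser -Identity $member.SID -Properties LastLogonDate -ErrorAction Stop
            } catch {
                Write-Warning "Could not resolve $($member.SamAccountName): $($_.Exception.Message)"
                continue
            }
            [pscustomobject]@{
                Group          = $group.Name
                SamAccountName = $user.SamAccountName
                Enabled        = $user.Enabled
                LastLogonDate  = $user.LastLogonDate
                ViaNestedGroup = $directSids -notcontains $user.SID.Value
            }
        }
    }
}

$review = Get-SyncGroupReview -GroupName $candidateGroups
$review | Sort-Object Group, SamAccountName | Format-Table -AutoSize

# Accounts worth a second look: disabled, or present only through nesting
$review | Where-Object { -not $_.Enabled -or $_.ViaNestedGroup } |
    Export-Csv -Path .\memoq-sync-group-review.csv -NoTypeInformation
```

Running the same review after each change to the listed groups shows which accounts gained or lost membership before the next daily synchronization.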
On the memoQ TMS computer, the actual memoQ TMS program runs in the name of a user on that computer.
This user may or may not have proper access to the Windows domain of your organization. If it does not, you can tell memoQ TMS to log on to the domain as another user when it gets the user accounts for single sign-on. You can do this only if the memoQ TMS has not been connected to any Windows domains yet.
To do this:
- Check the Use impersonation check box.
- Fill in the Domain, User name, and Password boxes. These must identify a user from the Windows domain. This user must have access to the user and group information from the Windows domain and any connected domains.
Using Qterm or memoQweb on the server? If users need to access the memoQ TMS through a web browser, when it has Qterm and/or memoQweb (legacy) installed, check the Allow forms-based authentication for Windows users check box.
When you finish
To return to memoQ: Click Close.
Or, choose another category to manage:
- Connection (choose this to manage a different server)
- User management
- Server connections
- Group management
- Language Terminal
- Windows single sign-on
- Default server resources
- CAL licenses
- ELM licenses
- Configuration and logging
- Web service interface
- Corpus indexing
- Omniscien Technologies
- Archiving
- Performance counters
- Storage
- Background tasks
- Broadcast message
- Discussions
- Spelling in memoQweb
- Weighted counts
- Audit log for TMs
- customer portal
- CMS connections