Server administrator - Windows single sign-on (SSO)

Single sign-on allows users to gain access to memoQ server by simply logging on to Windows. If these settings are turned on, the users do not need to log on to memoQ server separately when checking out online projects or accessing published resources.

Using these settings, you can connect memoQ server to the user database of your Windows system. Once the connection is set up, new users in specific Windows groups are automatically granted access to memoQ server. There is no need to add the same users to the user database of memoQ through the User management pane of Server Administrator.

Most of the time, memoQ server will be connected to a Windows domain of your organization, but it can also use the local security database of the Windows server where memoQ server is running.

There is a newer alternative in memoQ: Companies who are changing their single sign-on system from Windows AD to a new, OIDC-based system (for example, Azure AD or Okta), can also use their new solution to sign in to memoQ server. These systems offer more secure login and multi-factor authentication.

Requires memoQ project manager: You need the project manager edition of memoQ to manage a memoQ server or a memoQ cloud.

You need to be an administrator: You may manage the server only if you are a member of the Administrators group on the memoQ server.

memoQ server service account must be a domain user: The memoQ server service account must be a user in the Windows domain, and it must be member of the Domain users group. Normally, the memoQ server service runs in the name of a so-called virtual service user. However, memoQ server itself must access the Windows domain if it needs to accept users from that same domain. You may need to change the service user of memoQ server. You can do this in the Services program of Windows, or in the memoQ server deployment tool, while installing memoQ server. For more information, see the Help for the memoQ server deployment tool.

How to get here

    At the very top of the memoQ window - in the Quick Access toolbarquick-access-default -, click the Server Administrator (cogwheel in a cloud) icon-server-administrator icon. The Server Administrator window opens, with the Connection pane.

    Or: On the Project ribbon, click Server Administrator.

    Type or choose the address of the memoQ server, and click the Select button.

    You may need to log in to the memoQ server: If you have not used the server before, the Log in to server window opens. Type your user name and password for that server, and click OK.

  1. Under Category, click Windows single sign-on. The Windows single sign-on pane appears.


What can you do?

  1. Check the Enable single sign-on check box. This will enable all the other settings in the Windows single sign-on pane.
  2. Check the Use Active Directory through the current domain check box. Before you do that, check with your IT specialists if the memoQ server computer is member of a Windows domain of your organization.

    Do not use the local security database: It is not recommended to connect memoQ server to the local security database of the memoQ server computer. It is less secure and there will not be sufficient control over the access to your server.

  3. Under Single sign-on sync groups, you need to choose the domain groups that you will synchronize with memoQ server. memoQ server will allow access to user accounts that are members of the groups listed there.
  4. Under the list, click Add to add a group to the list. The Add single sign-on sync group window opens. Choose one or more groups from the Windows domain of your organization. If the organization has two or more Windows domains, you can choose from the other domains, too - if the memoQ server computer has access to those. To find out more, consult your IT specialists.

    To remove a group: On the list, select the group. Click Remove. A domain user will lose access to the memoQ server if they are no longer members of any of the groups listed under Single sign-on sync groups.

Group members will not gain access immediately: After you add a group to the list, memoQ server will not synchronize the user accounts immediately. Normally, this happens once a day, at the time set in the Synchronize every day at box.

To synchronize the user accounts immediately: Click Save. Then click the Synchronize now link.

To get notified if synchronization fails: Enter an e-mail address in the E-mail address to notify when synchronization fails box. Whenever there is an error synchronizing domain users, an e-mail will be sent to this address.

Using QTerm or memoQweb on the server? If users need to access the memoQ server through a web browser- when it has QTerm and/or memoQWeb (legacy) installed -, check the Allow forms-based authentication for Windows users check box.

When you finish

To return to memoQ: Click Close.

Or, choose another category to manage: