Signing in

Signing into QTDMP is done through Microsoft Entra ID. Authenticating through Microsoft Entra ID provides native granular control and allows you to manage your configuration from a central location. It allows configuring advanced security layers through your own conditional access policies, such as MFA, integration with OKTA and other applications that work with the Microsoft Authentication Library (MSAL).

A Microsoft Entra ID access token (constrained to the QTDMP application) is obtained when the user navigates through authentication process. This Microsoft Entra ID access token has a lifetime limit of 10 minutes after which it is automatically refreshed if the user is actively using application. The user is automatically logged out following a period of inactivity. If the user token is revoked in Microsoft Entra ID, the user will continue to have access to QTDMP until the token expiry, for a maximum of 10 minutes. User access to a QTDMP organization can be also revoked within by a QTDMP Organization Administrator, resulting in access loss after token expiry.

To enable multi-factor authentication (MFA) when signing in to QTDMP

NOTE: Multi-factor authentication (MFA) increases the security of the sign in process. With MFA, a user is granted access only after presenting two or more pieces of evidence (or factors) to an authentication mechanism.
  1. Go to the web page quest-on-demand.com.
  2. On the Welcome page, click Sign in with Microsoft.
  3. Sign in using your Microsoft MFA-enabled account.
  4. As part of the login process with Microsoft Entra ID, users must consent to the set of minimal permissions required by the QTDMP  application. 
    1. View your basic profile: Permission required for Quest to access users name and email to display the logged in user.
    2. Maintain access to data you have given it access to: Permission is automatically included and required by Microsoft for Single Page Applications as it gives access to critical refresh tokens for proper functionality. This permission scope is required for single sign on (SSO) and allows a refresh token to be returned from the authentication flow to avoid QTDMP prompting the user every time their primary authentication token times out.
  5. Click Create New Organization.
  6. Enter a name for your organization.
  7. Select the deployment region where you want your data to reside.
  8. Click Create New Organization.
  9. You are signed in as the QTDMP administrator for the new organization.

NOTE:

  • By default, all users are allowed to consent to applications for permissions that do not require administrator consent. This behavior might be disabled in some Microsoft Entra tenants and may require tenant administrators to enable user consent flow for the QTDMP application.
  • The ability to consent on behalf of your organization is available if logging in as the global administrator in the tenant.
  • The ability to request consents will only be available if the global administrator has enabled the admin consent workflow. See https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow#enable-the-admin-consent-workflow.