Identity and access management
The Quickbase platform meets the exacting needs of large enterprises, which look to IT leaders to govern their Quickbase account. Quickbase gives administrators the visibility and control they need to enforce security and compliance policies. Two types of administrators manage Quickbase:
- Account administrators: manage general access to Quickbase, authentication settings, and user provisioning
- Application administrators: manage access to individual applications
Identity management
Quickbase supports the standard System for Cross-domain Identity Management (SCIM) specification. With it, account administrators configure and automate user provisioning via identity management (IdM) solutions.
Quickbase provides support for the following IdM providers:
- Okta
- OneLogin
For other IdM integrations, Quickbase provides SCIM-compliant API endpoints. Quickbase supports creating, reading, updating and deleting (CRUD) users via GET, POST, PUT, and DELETE methods.
Authentication
Single sign on
Single sign on is available via SAML 2.0. Account administrators set up SAML in Quickbase to integrate with their Identity Provider (IdP) and make it easier to manage and automate user access.
Turn on single sign on to:
- Handle Quickbase authentication using your corporate user directory
- Add Quickbase to any existing Multi-Factor Authentication (MFA) procedures you already have that require employees to enter an MFA code from a mobile app
Built-in authentication controls
If you do not use SSO, account administrators control policies about:
- Password requirements
- Two-step vs. single-step authentication
- Session length
IP Filtering
Account administrators may configure user authorization using network access controls. Enter a range of IP addresses, and only users accessing from within that range will be allowed to access applications. Apply IP filtering to all apps or on an app-by-app basis.
Platform authorization
Account administrators control which resources users access after signing into Quickbase and the types of actions users can take.
Specifically, account administrators grant or revoke permissions at the platform level that allow users to:
- Create new applications
- Create new pipelines. Pipelines are automated workflows that may include third-party integrations.
- Access specific no-code connectors to use in Pipelines
- Access the library of application templates
- Create user tokens. User tokens control API extension points for custom code.
- Add net-new users to their applications if they are application administrators. This control offers extra security and a way to control license costs.
Pipeline permissions
When a user builds an automated workflow using Quickbase’s Pipelines, they become the owner of that pipeline. They are the only user who may edit that automated workflow. However, account administrators may view a complete list of their users’ workflows at any time.
Application-level permissions
Application administrators control access to each individual application built on the Quickbase platform.
Super Users
By default, account administrators cannot access applications unless they have been added by application administrators. However, account administrators can designate specific super users who may access all applications in the account.
Application authorization
Quickbase is built on the foundation of a deep permissions system. Application administrators set up Role-based Access Controls (RBAC). They use these rules to ensure users only access what they need for their respective jobs. RBAC covers users’ ability to:
- Modify application schema
- Add users to the application
- See tables
- Modify records on tables vs. have read-only access
- See individual fields
- Modify data in individual fields vs. have read-only access
- Add or delete records on specific tables
Each Quickbase application can include an unlimited number of custom user roles. Application administrators create complex rules to enhance these permissions.
For example, a role may be configured so that the users in that role can only edit a record in a certain table if the following conditions are met:
- User is listed in a field called Assigned To, or
- The Date Created field has a date within the past 14 days
All calculated fields, all pages in the UI, all APIs, and all automated emails sent from the platform respect these rules automatically.
For instance, you could set up a report to be sent to every employee in your company weekly.
Quickbase:
- Delivers an individualized version of the report to each user
- Removes rows or columns that the user does not have permission to see
The same is true if a user accidentally emails a link to a report or a dashboard that contains sensitive information. Recipients without proper permissions in the Quickbase application will not be able to see the sensitive information.
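The conditional edit rule and the per-user report described above can be modeled in a few lines. This is an added example, not Quickbase code or its API: the role layout, the Team-based view rule, the Cost field, and the inclusive 14-day boundary are assumptions, and the records are constructed.

```python
from datetime import date, timedelta

# Hypothetical role: "Assigned To" and "Date Created" come from the page's
# example; "Team", "Cost" and this dictionary layout are assumptions.
ROLE = {
    "visible_fields": ["Task", "Team", "Assigned To", "Date Created"],  # "Cost" is hidden
    "edit_window_days": 14,
}

# Constructed sample records.
RECORDS = [
    {"Task": "Renew cert", "Team": "infra", "Assigned To": ["ana"],
     "Date Created": date(2024, 1, 2), "Cost": 100},
    {"Task": "Patch hosts", "Team": "infra", "Assigned To": ["raj"],
     "Date Created": date(2024, 3, 1), "Cost": 200},
    {"Task": "Audit roles", "Team": "infra", "Assigned To": ["raj"],
     "Date Created": date(2024, 1, 5), "Cost": 300},
    {"Task": "Payroll run", "Team": "finance", "Assigned To": ["lee"],
     "Date Created": date(2024, 3, 5), "Cost": 400},
]

def can_edit(user, record, role, today):
    """Edit is allowed if the user is in Assigned To OR the record is recent."""
    age = today - record["Date Created"]
    # A future Date Created does not count as "within the past 14 days".
    recent = timedelta(0) <= age <= timedelta(days=role["edit_window_days"])
    return user["name"] in record["Assigned To"] or recent

def can_view(user, record):
    """Assumed row-level rule for this model: users see only their team's records."""
    return record["Team"] == user["team"]

def report_for(user, role, records, today):
    """Produce one user's version of a shared report: hidden rows and columns removed."""
    rows = []
    for rec in records:
        if not can_view(user, rec):
            continue  # row removed for this recipient
        row = {field: rec[field] for field in role["visible_fields"]}
        row["editable"] = can_edit(user, rec, role, today)
        rows.append(row)
    return rows

if __name__ == "__main__":
    for row in report_for({"name": "ana", "team": "infra"}, ROLE, RECORDS, date(2024, 3, 10)):
        print(row["Task"], "editable" if row["editable"] else "read-only")
```

Because the same check runs for every recipient, a forwarded report link gives the recipient only what their own role allows.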