Pre-requisites

Configuring SSO

Root users or Admins can configure Single Sign-On (SSO) by following these steps:

  1. Log in to Your Application

    • Open your web browser and navigate to the QuantaBricks application login page.

    • Enter your root user credentials and log in.

  2. Navigate to the Admin Panel

    • Once logged in, you will be directed to the Dashboard page.

    • In the top right corner, locate your profile icon.

    • Click on the profile icon to reveal a dropdown menu.

    • Select the Admin button from the dropdown to enter the Admin panel.

  3. Access the Authentication Section

    • In the Admin panel, look for the side panel on the left side of the screen.

    • Find and click on the Authentication button in the side panel.

  4. Configure SSO

    • Under the Authentication section, you will see an option labeled SSO.

    • Click on the SSO option to access the SSO configuration settings.

    • Follow the prompts to configure the SSO settings as required (see AWS Access Portal and Identity Store ID Setup).

  5. Save Changes

    • After configuring the SSO settings, make sure to save your changes.

    • Look for a Save button at the bottom of the SSO configuration page and click it to apply your settings.

Note

Ensure that you have the necessary permissions and configurations in place for SSO to work correctly after the setup.


AWS Access Portal and Identity Store ID Setup

Follow the steps below to retrieve the AWS Access Portal URL and Identity Store ID from AWS IAM Identity Center.

  1. Sign in to AWS Management Console

  2. Navigate to AWS IAM Identity Center

    • In the AWS Management Console, search for IAM Identity Center in the search bar.

    • Click on IAM Identity Center from the search results.

  3. Retrieve AWS Access Portal URL

    • Once in the IAM Identity Center console, navigate to the Settings tab from the left-hand navigation.

    • Under the General Settings section, look for the AWS Access Portal URL.

    • Copy the URL. This is the link users will use to access AWS SSO.

  4. Retrieve Identity Store ID

    • To get the Identity Store ID, you can either use the AWS CLI or the AWS Console.

    1. Using AWS Console

      • Go back to Settings in the IAM Identity Center console.

      • Scroll down to the Identity Source section where you’ll find the Identity Store ID.

    2. Using AWS CLI

      • Open a terminal with AWS CLI installed.

      • Run the following command to get the Identity Store ID:

      aws sso-admin list-instances
      
      • The output will contain the Identity Store ID in the IdentityStoreId field.


How to Retrieve AWS Access Key and Secret Access Key

To allow the application to interact with the AWS SSO service, you will need to generate the Access Key and Secret Access Key. Follow these steps to retrieve them:

  1. Sign in to AWS Management Console

    • Open your web browser and navigate to the AWS Management Console.

    • Log in using your administrator credentials.

  2. Navigate to the IAM Service

    • In the AWS Console, type IAM in the search bar at the top of the page.

    • Click on IAM from the search results.

  3. Create a New User with Programmatic Access

    • In the IAM dashboard, select Users from the left-hand menu.

    • Click Add user.

    • Enter a username (e.g., sso-access-user).

    • Under Access type, check the box for Programmatic access to create an Access Key and Secret Access Key.

    • Click Next: Permissions.

  4. Assign Permissions to the User

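    • Choose an existing IAM policy or create a new one that grants the necessary permissions for interacting with the SSO service (for example, AmazonSSOReadOnly or AdministratorAccess). Prefer the narrowest policy that works, because AdministratorAccess gives the access key full control of the AWS account.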

    • Click Next: Tags, and optionally add tags.

    • Click Next: Review and review the configuration.

    • Click Create user.

  5. Retrieve the Access Key and Secret Access Key

    • Once the user is created, AWS will generate an Access Key ID and Secret Access Key.

    • You can view and download these credentials. Make sure to store the Secret Access Key securely, as you won’t be able to view it again after this step.


How to Add Access Key and Secret Access Key for Applications

In order to access both applications (QuantaShare and QuantaDrive), you need to add your Access Key and Secret Access Key for authentication. Follow the steps below for each application.

  1. Retrieve AWS Access Key and Secret Access Key

    If you do not already have an Access Key and Secret Access Key, follow the instructions in How to Retrieve AWS Access Key and Secret Access Key to generate them.

  2. Verify the Credentials

    • After saving the credentials, log in or test the connection to ensure both applications can interact with AWS services properly.

    • If the connection fails, double-check that the Access Key and Secret Access Key were entered correctly.

  3. Security Considerations

    • Store your Secret Access Key securely and avoid sharing it publicly.

    • For enhanced security, consider using AWS Secrets Manager or environment variables to manage credentials in your applications.

Note

Make sure that the AWS user associated with the credentials has the necessary permissions to interact with the required AWS services (for S3, AmazonS3FullAccess) for both applications.


Enabling CORS in S3 Bucket for DICOM Image Preview

To allow the application to preview DICOM images stored in an S3 bucket, you need to enable Cross-Origin Resource Sharing (CORS) on your S3 bucket. Follow the steps below:

  1. Log in to the AWS Management Console

  2. Navigate to the S3 Service

    • In the AWS Management Console, search for S3 in the search bar.

    • Click on S3 from the search results to open the S3 dashboard.

  3. Select the S3 Bucket

    • In the S3 dashboard, locate and click on the name of the bucket where your DICOM images are stored.

  4. Open the Permissions Tab

    • Inside your S3 bucket, navigate to the Permissions tab at the top of the page.

  5. Configure CORS

    • Scroll down to the Cross-origin resource sharing (CORS) section.

    • Click the Edit button to modify the CORS configuration.

    • Add the following JSON configuration to enable CORS for your DICOM image previews:

    [
      {
        "AllowedOrigins": ["*"],
        "AllowedMethods": ["GET", "POST", "HEAD"],
        "AllowedHeaders": ["*"],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
      }
    ]
    
  6. Save Changes

    • After adding the CORS configuration, click Save changes.

  7. Verify the CORS Settings

    • Test the DICOM image preview in your application to ensure the CORS settings are applied correctly.

    • If any issues arise, double-check that the correct domains and methods are allowed.

Note

It’s recommended to replace “*” in AllowedOrigins with the specific domain names you trust to improve security.
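
The recommendation above, as an added example (not part of the original page or of the application's own code): a small Python check that flags the permissive parts of an S3 CORS configuration, run on the configuration from step 5 beside a tightened variant. The origin https://app.example.com, the header list, and the assumption that the preview only reads objects (so POST can be dropped) are placeholders to adapt.

```python
import json

# Methods that only read objects; S3 CORS also accepts PUT, POST and DELETE.
READ_METHODS = {"GET", "HEAD"}

def audit_cors(rules):
    """Return a list of (rule_index, finding) for permissive S3 CORS rules."""
    findings = []
    for i, rule in enumerate(rules):
        for origin in rule.get("AllowedOrigins", []):
            if origin == "*":
                findings.append((i, "any origin may read responses"))
            elif "*" in origin:
                findings.append((i, f"wildcard origin pattern {origin}"))
            elif not origin.startswith("https://"):
                findings.append((i, f"non-HTTPS origin {origin}"))
        extra = sorted(set(rule.get("AllowedMethods", [])) - READ_METHODS)
        if extra:
            findings.append((i, "write methods allowed: " + ", ".join(extra)))
        if "*" in rule.get("AllowedHeaders", []):
            findings.append((i, "any request header allowed"))
    return findings

# The configuration from step 5 of this page.
PAGE_CONFIG = json.loads("""
[{"AllowedOrigins": ["*"],
  "AllowedMethods": ["GET", "POST", "HEAD"],
  "AllowedHeaders": ["*"],
  "ExposeHeaders": [],
  "MaxAgeSeconds": 3000}]
""")

# Tightened variant (constructed). The origin is a placeholder, dropping POST
# assumes the preview only downloads objects, and the header list is assumed.
TIGHTENED_CONFIG = [{
    "AllowedOrigins": ["https://app.example.com"],
    "AllowedMethods": ["GET", "HEAD"],
    "AllowedHeaders": ["Authorization", "Range"],
    "ExposeHeaders": [],
    "MaxAgeSeconds": 3000,
}]

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("tightened", TIGHTENED_CONFIG)):
        print(name, audit_cors(cfg) or "no findings")
```

After tightening, repeat the preview test from step 7; a blocked preview usually means the application's origin or a header it sends is missing from the rule.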