Single Sign-On Support with SAML
- The system that controls operator login for authentication is called an "identity provider". Any identity provider that complies with SAML 2.0 is supported. Examples include:
  - Okta (http://www.okta.com)
  - G Suite (http://gsuite.google.com)
  - Salesforce (http://www.salesforce.com)
- The software that the operator can access after login (in this case, FlexNet Manager Suite) is called a "service provider".
Using Single Sign-on
When single sign-on has been configured appropriately, an attempt to log in to FlexNet Manager Suite will be redirected to the identity provider (IdP), where the login is supported. You may also log in to FlexNet Manager Suite directly from the identity provider, provided that this has been configured with the appropriate link to FlexNet Manager Suite.
When logging out, you can choose to close the FlexNet Manager Suite session without affecting the session on the identity provider (or any other service provider), or you may be able to initiate a complete logout from the identity provider. Note that a complete logout requires that the identity provider supports this function and has this functionality configured.
Configuring Single Sign-on (Overview)
- Plan your single sign-on strategy:
  - Identify your identity provider, choosing one that supports your preferred configuration.
  - Will you support single sign-on initiated by the identity provider?
  - Will you or your identity provider require signed and/or encrypted SAML assertions?
  - Do you require support for single log-out?
- Configure FlexNet Manager Suite as a service provider by giving it an entity ID, saved in its web.config file.
- Determine whether your implementation requires that FlexNet Manager Suite use a digital certificate to support signing and encryption of the SAML assertions exchanged with the identity provider. If so, provide the certificate and configure both the service provider and the identity provider to support it. Configuration for the service provider is again within its web.config file.
- Configure the service provider (FlexNet Manager Suite) with the details needed for communication with the selected identity provider. You may do this either by:
  - Configuring it to read values from the metadata XML file maintained by the identity provider (recommended)
  - Recording the full details of configuration in its own web.config file (when the identity provider does not provide access to a metadata file).
- Configure your chosen identity provider to recognize FlexNet Manager Suite. For details, see Configuring Your Identity Provider to Recognize FlexNet Manager Suite.
FlexNet Manager Suite (On-Premises)
2023 R1