Customizing Operator Login Data Type
By default, in a single sign-on environment conforming to SAML 2.0, a SAML user logs in using an email address, or a SAML user name. The identity provider then passes a property to FlexNet Manager Suite that allows look-up of the operator to identify which roles are applicable, and so on.
In FlexNet Manager Suite, the received property value is matched against the OperatorLogin column of the ComplianceOperator table in the compliance database.
Some enterprises require that the identity provider uses a different property (such as an employee number) to authorize use of the service provider (in this case, FlexNet Manager Suite) by the operator. At a high level, the following steps are required to allow the use of a custom identifier.
To customize the property for operator login using SAML 2.0:
- Operator Sam successfully logs in using your preferred SAML 2.0 single sign-on tool (for example, Okta).
- The tool (Okta) looks up Sam's employee number, and returns it to FlexNet Manager Suite as the value for the agreed custom property (such as EmpNo=135798642).
- FlexNet Manager Suite looks for this value in ComplianceOperator.OperatorLogin.
- Finding a match, FlexNet Manager Suite grants Sam access with access rights determined by the roles of which she is a member.
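The flow above, sketched as an added example (not FlexNet Manager Suite code): it reads the agreed custom attribute from a SAML attribute statement and matches it against OperatorLogin, refusing access when the attribute is missing or multi-valued or when the match is not unique. The exact-match rule, the in-memory SQLite table standing in for the compliance database, and the function names are assumptions; the assertion is assumed to have already passed signature validation.

```python
import sqlite3
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the attribute statement an identity provider might send.
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="EmpNo">
      <saml:AttributeValue>135798642</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def extract_login_property(assertion_xml, attr_name="EmpNo"):
    """Return the single value of the agreed attribute, or None (fail closed)."""
    # Assumption: the assertion signature was verified before this point.
    root = ET.fromstring(assertion_xml)
    values = [
        (v.text or "").strip()
        for a in root.iterfind(".//saml:Attribute", NS)
        if a.get("Name") == attr_name
        for v in a.iterfind("saml:AttributeValue", NS)
    ]
    # Missing, empty or multi-valued attributes are ambiguous: reject them.
    if len(values) != 1 or not values[0]:
        return None
    return values[0]

def find_operator(db, login_value):
    """Exact match on OperatorLogin; no match or several matches gives None."""
    if login_value is None:
        return None
    rows = db.execute(
        "SELECT OperatorLogin FROM ComplianceOperator WHERE OperatorLogin = ?",
        (login_value,),
    ).fetchall()
    return rows[0][0] if len(rows) == 1 else None

def demo_db():
    """In-memory stand-in for the compliance database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ComplianceOperator (OperatorLogin TEXT)")
    db.executemany("INSERT INTO ComplianceOperator VALUES (?)",
                   [("135798642",), ("246801357",)])
    return db
```

Because the lookup is an exact string match in this sketch, the employee numbers stored in OperatorLogin need to be unique and formatted exactly as the identity provider sends them.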
FlexNet Manager Suite (On-Premises)
2023 R1