Managing Operators for Google OAuth 2.0

FlexNet Manager Suite 2023 R1 (On-Premises)
When Google OAuth 2.0 has been configured, the account you identified in the configuration dialog displayed by PowerShell is automatically created as an operator in FlexNet Manager Suite. This account is automatically assigned to the Administrator role. This administrator can log in to FlexNet Manager Suite to create additional operators and manage operator roles.
Note: When you are migrating from Windows Integrated Authentication, any other existing operator roles are now invalid. You need to create new operators, each based on the Google login name.

To add operators using Google OAuth 2.0:

  1. Have each potential operator attempt a login to FlexNet Manager Suite using their Google identity.
    By default, the operator account is automatically created in FlexNet Manager Suite; but because the new operator account is not assigned to any roles, the person logging in sees a screen stating that there has been a Sign In Failure. To authorize access for this operator:
    1. Logged in as the administrator account, navigate to the system menu ( in the top right corner) > Accounts.
    2. Locate the new operator account, and ensure that Enabled is selected in the Status drop-down list.
    3. Select a role for this account from the Role drop-down list.
    4. Click Save.
    When the operator is assigned to one or more roles as appropriate, that person can log in for a second time, and access is granted.
    Tip: You can turn off the automatic creation of operator accounts when unauthorized people log in using Google OAuth 2.0. To do so, on the web application server, use a flat text editor to edit the web.config file, by default located in n <drive>:\\Program Files (x86)\Flexera Software\FlexNet Manager Platform\WebUI. Update the createUnknownOperator Boolean attribute of the signOn element to false, and save the file. (The change takes effect immediately, with no need to restart FlexNet Manager Suite.) Operators now see the same Sign In Failure message, but no corresponding operator account is created (so see the next step instead).
  2. Alternatively, gather the Google account names of all required operators, and manually create the operator accounts, assigning each to the appropriate role(s) as you go.
    One difference when using Google OAuth 2.0 is that you cannot select operator names from a drop-down list (as you can when using Windows Integrated Authentication, when the potential operators have accounts in Active Directory). Instead, carefully enter the email address that functions as the Google account name directly in the Account field.
    Important: Once created, operator accounts cannot be deleted. Furthermore, the account name (in this case, an email address) cannot be edited. Be sure to enter the email address correctly, and double-check it, before clicking Create.

FlexNet Manager Suite (On-Premises)

2023 R1