Synchronizing SSO Application User Data
Before configuring secure token single sign-on, you must synchronize SSO application user data from the SSO application with your FlexNet Operations database, as shown here.
|
Data |
Required or Optional? |
|
User first name |
Required |
|
User last name |
Required |
|
User email ID |
Required |
|
User role |
Required |
|
User locale |
Optional, defaults to system locale |
|
User time zone |
Optional, defaults to system time zone |
|
User Account ID |
Optional, ID of the account to which the user belongs |
|
Account ID |
Required for all accounts |
|
Account display name |
Required |
Native Authentication
If the secure token SSO application performs authentication natively, then you must pre-load all user data from the SSO application into FlexNet Operations using the UserAdministration Web service. In addition, the SSO application must synchronize all subsequent changes to user information with the FlexNet Operations database.
| • | For example, if the application allows online user registration, the UserAdministration Web service must be used to create the same user in FlexNet Operations. |
| • | Because FlexNet Operations does not allow deletion of user information, if a user is deleted from the SSO application, the user’s status must be set to Inactive in FlexNet Operations. |
External Authentication
If the secure token SSO application is authenticating users with a directory service (such as LDAP), you must configure the directory service in FlexNet Operations as follows:
To configure the directory service for external authentication:
| 1. | Add the directory service as a new domain in FlexNet Operations. |
| 2. | Import groups from the directory service into the FlexNet Operations database. |
| 3. | Map roles to the imported directory groups. (Typically, the groups are assigned the Portal User role.) |
Subsequent changes to the directory service user database must be synchronized with FlexNet Operations using the UserAdministration Web service.
Note:For more information on roles, users, and domains, see Managing Accounts and Users.