Configuring Single Sign-On with SAML
You need a role with the Manage SAML SSO permission to configure single sign-on with SAML for the Producer Portal and/or the End-User Portal.
The following procedure details the steps for configuring SAML single sign-on for the Producer Portal and the End-User Portal.
To configure single sign-on
1. In the Producer Portal, click Administer > Configure Single Sign-On. This opens the Configure Single Sign-On page.
2. On the Configure Single Sign-On page, click the button for the portal that you want to configure:
   • Configure SSO for Producer Portal
   • Configure SSO for End-User Portal
   FlexNet Operations shows the Configure SSO for Producer Portal or Configure SSO for End-User Portal page, depending on your selection.
   Both pages include the same options for configuring SSO, so the following steps do not differentiate between SSO for the Producer Portal and SSO for the End-User Portal.
3. Select the Enable Single Sign-On (SSO) check box to enable single sign-on. If the check box is unselected, single sign-on is unavailable.
   By default, the SSO type SAML 2.0 is used.
   Important: If a configuration exists and the Enable Single Sign-On (SSO) check box is unselected, that configuration will be deleted.
4. The fields in the section Service Provider Metadata are prepopulated. They show the metadata that the service provider (FlexNet Operations Producer Portal or End-User Portal) needs in order to communicate with the identity provider:
   • SSO URL—The service provider’s URL to which the authentication request will be redirected.
     Example: https://flexNNNN-fno.flexnetoperations.com/mellon/postResponse
   • Audience URI / SP entity ID—URL or URN that uniquely identifies FlexNet Operations as the service provider. This is the identifier that the identity provider must use when sending its response with the SAML assertion to the service provider (FlexNet Operations).
   You can download the SSO URL or audience URI for your reference by clicking the relevant Copy button.
5. Click Download Service Provider Metadata to download a file that contains the metadata for the service provider (FlexNet Operations Producer Portal or End-User Portal, respectively). This metadata enables you to configure the identity provider to enable SAML SSO with the service provider.
6. In the section Identity Provider Metadata, enter the metadata for your chosen identity provider:
   • Upload identity provider metadata—Click Choose File to upload the metadata for your identity provider. This is usually a base64-encoded file in XML format that you receive from your identity provider. Uploading the metadata configures the SAML SSO settings in FlexNet Operations.
   • Configure logoff URL—Type in the URL to which the user should be redirected when they log out of SSO (for example, https://www.yourcompanywebsite.com).
7. Select or deselect the following settings as required:
   • Force authentication upon logout—Once a user has logged out of SSO, they are prompted to re-enter their credentials to log in again.
   • Enable FlexNet Operations User Login—Select to allow FlexNet Operations system administrators to bypass SSO configurations for troubleshooting and maintenance purposes. Instead of the SAML login, a system administrator can use their FlexNet Operations credentials to log in. This option should be unselected before production deployment.
Note: After you save a configuration, it takes a few minutes for the configuration to take effect.