...
A FlexDeploy user record will still be created when users from your single sign-on service login for the first time. See New User Process on the Realms page.
There are some limitations in the current version of Important points about this integration:
The REST API still requires logging in using local realm users, or API Tokens. API Tokens can be created for single sign-on users.
Once you enable single sign-on, you will not be able to configure or use LDAP Realms for authentication and authorization. You can still login using local users, which can be useful if there are issues with single sign-on provider.
You can further secure this by enabling multi-factor authentication, where users are granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism. This will not be discussed here as it will be done on your single sign-on provider.
| Info |
|---|
Even after enabling single sign-on, you will be able to log in using local users if necessary. If you want to log in with local users, then navigate directly to https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/next/#/login. |
| Table of Contents | ||||
|---|---|---|---|---|
|
Enable Single Sign-On and/or Multi Factor Authentication
There is now a UI for configuring SSO realms. If you previously used an SSO Config file, it will be imported for you. See SSO Realm Group Mapping for more information.
...
| Include Page |
|---|
You can enable SSO, MFA, or both as it depends on your Provider.
|