Single Sign-On and Multifactor Authentication
FlexDeploy can be integrated with a single sign-on service using various options like OpenID Connect, SAML, OAuth etc. You can use an external service like Okta, Microsoft Azure AD, and many more, or use existing corporate single sign-on solution. Note that FlexDeploy does not provide single sign-on and multi-factor authentication services.Â
Integration mechanisms supported are OpenID Connect, SAML, OAuth. We have verified this using Okta and Microsoft Azure AD using OpenID Connect. For other OpenID Connect providers and other types of integrations, please reach out to us using the support portal.
A FlexDeploy user record will still be created when users from your single sign-on service login for the first time. See New User Process on the Realms page.
Important points about this integration:
The REST API still requires logging in using local realm users, or API Tokens. API Tokens can be created for single sign-on users.
Once you enable single sign-on, you will not be able to configure or use LDAP Realms for authentication and authorization. You can still login using local users, which can be useful if there are issues with single sign-on provider.
You can further secure this by enabling multi-factor authentication, where users are granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism. This will not be discussed here as it will be done on your single sign-on provider.
Even after enabling single sign-on, you will be able to log in using local users if necessary. If you want to log in with local users, then navigate directly to https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/next/#/login.
Â
- style