FlexDeploy 7.0 introduces concept of SSO Realm, previously single sign-on was configured using configuration file. Customers using single sign-on using configuration file with previous versions of FlexDeploy will automatically be migrated to SSO Realm.

If an SSO Realm is enabled, no LDAP realms are allowed and users are directed to login with single sign-on provider instead of through the normal FlexDeploy login page.

If there is an issue logging in with SSO, or you want to login as an internal user such as fdadmin, go to the page flexdeploy/next/#/login.

Configuring an SSO Realm

If you had an fdsso.config file setup previously, it will automatically be upgraded to an SSO Realm. In 7.0, SSO Realms are seen in the UI. The file is no longer needed after the first startup of 7.0+.

Only FlexDeploy Administrators can update Realm settings.

In order to enable or disable single sign-on, use Enable Single Sign-On switch.

When you enable single sign-on, a new SSO realm will be populated with a sample configuration, and you will definitely need to configure it to your needs. You can also delete all details (see General section below), and press CTRL+Space to choose another sample.

It’s OK if the provider isn’t the same as yours, but choose either SAML or OIDC correctly.

Other providers are fine to use!

You can make credentials for any sensitive values and include them in the script. Reference them by using the syntax ${{CREDENTIAL NAME}}. Variable name suggestions will show up after typing ${{.

Here are some pages of information about some identity providers that we have tested more thoroughly and documented. FlexDeploy 7.0 also allows mapping of roles/groups in single sign-on provider to FlexDeploy groups, see SSO Realm Group Mapping for more details.