Ultimate SSO / SAML configuration guide in FlexNet Manager Suite
Purpose of this article
This article aims to provide a practical guide to configuring SSO / SAML for your FlexNet Manager Suite On-premise system. If you are using our cloud offering prior to Flexera Identity and Access Management (IAM) integration, then the contents of this article will also be relevant for you.
How to configure Single Sign On (SSO)
Configuring SSO is a two-step process as follows.
Step 1 - Identity Provider (IdP) configuration
To configure SSO for a specific IdP vendor, refer to sub-articles below:
- Okta: refer to "Configuring SAML application in Okta" section within Okta configuration guide.
- Other Identity Providers: no specific guide currently available; refer to Okta guide and apply similar configuration in your IdP.
Step 2 - Service Provider (SP) configuration
Refer to "Configuring SAML in WebUI" section within WebUI configuration guide.
THAT'S IT ABOUT CONFIGURING SSO.
- If everything is configured correctly, both SP-initiated and IdP-initiated Single Sign On (SSO) should work as expected. If not, see the troubleshooting guide and list of common errors.
How to configure Single Logout (SLO)
Prerequisites:
- This is an advanced configuration and typically not required by many organizations. You will need to acquire a public/private key pair used for signing requests from FlexNet Manager Suite (SP) to the Identity Provider (IdP).
- Single Logout (SLO) is currently only supported in FlexNet Manager Suite On-premise offering.
- Your IdP has to support Single Logout (SLO).
Configuring SLO is another two-step process as follows.
Step 1 - Service Provider (SP) configuration
Single Logout requires outgoing requests from SP to IdP to be signed. Refer to "Configuring outgoing requests from SP to the IdP to be signed" section within WebUI configuration guide to complete this step.
Step 2 - Identity Provider (IdP) configuration
To configure SLO for a specific IdP vendor, refer to sub-articles below:
- Okta: refer to "Enabling Single Logout in Okta" section within Okta configuration guide.
- Other Identity Providers: no specific guide currently available; refer to Okta guide and apply similar configuration in your IdP.
THAT'S IT ABOUT CONFIGURING SLO.
- If everything is configured correctly, both SP-initiated and IdP-initiated Single Logout (SLO) should work as expected. If not, see the troubleshooting guide and list of common errors.
Appendix
Key terminologies
- SAML: Security Assertion Markup Language
Open standard for exchanging authentication and authorization data between Identity Provider and Service Provider through digitally signed SAML requests and responses. FlexNet Manager Suite supports SAML 2.0.
- IdP: Identity Provider
A service that stores and verifies user identity. This will be the entity you are trusting to authenticate users to FlexNet Manager Suite.
- SP: Service Provider
Your FlexNet Manager Suite system that will be receiving and accepting authentication from the IdP.
- Single Sign On (SSO)
A process which allows your user to sign on once to your IdP, and in turn gain access to all applications within your organization.
- Single Logout (SLO)
A process which allows your user to log out once from either the SP or the IdP, which will in turn log the user out of all applications. Whether you want SLO to be implemented will depend on your business use case. Many businesses choose not to implement this as they don't want logging out from the SP to trigger a global logout from the IdP and other applications within the organization. Note that SLO is supported in FlexNet Manager Suite On-premise as of today.
- IdP-initiated SSO / SLO
This means that the user starts a Single Sign On (SSO) or Single Logout (SLO) workflow from the IdP. For example, if your user logs in to Okta and then selects the 'FlexNet Manager Suite' application, this is called IdP-initiated SSO.
- SP-initiated SSO / SLO
This means that the user starts a Single Sign On (SSO) or Single Logout (SLO) workflow from the SP. For example, if your user hits https://myorganization.flexera.com and gets redirected to the IdP to complete the sign-on process, this is called SP-initiated SSO.
- FlexNet Manager Suite URL / SP URL:
This is the URL your operators use to access FlexNet Manager Suite in their browser. For the purpose of this guide, we will assume this to be https://flexnet.myorganization.com/Suite. Anytime this URL is referenced, you will have to replace this with the actual application URL.
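As a troubleshooting aid for the flows defined above, the following added example (not Flexera's code) classifies a captured SAML Response as SP-initiated or IdP-initiated by its InResponseTo attribute, checks its Destination against the SP URL, and checks whether an SP-to-IdP logout redirect carries a signature. It assumes the HTTP-POST binding for the Response and the HTTP-Redirect binding for the LogoutRequest; the function names, idp.example.com and the sample messages are constructed for illustration.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
SP_URL = "https://flexnet.myorganization.com/Suite"  # placeholder SP URL used in this guide

def parse_saml(xml_bytes):  # captured messages are untrusted: refuse DTDs/entities
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in a SAML message")
    return ET.fromstring(xml_bytes)

def under_sp(dest, sp_url):  # same scheme and host, path at or below the SP path
    d, s = urlsplit(dest or ""), urlsplit(sp_url)
    same_origin = (d.scheme, d.netloc) == (s.scheme, s.netloc)
    return same_origin and (d.path + "/").startswith(s.path.rstrip("/") + "/")

def triage_response(saml_response_b64, sp_url=SP_URL):
    """Classify the SAMLResponse form field the browser posts to the SP."""
    root = parse_saml(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response")
    return {
        # An unsolicited (IdP-initiated) Response has no InResponseTo attribute.
        "flow": "SP-initiated" if root.get("InResponseTo") else "IdP-initiated",
        "destination_ok": under_sp(root.get("Destination"), sp_url),
        "xml_signature": root.find(f".//{{{DSIG}}}Signature") is not None,
    }

def triage_logout_redirect(url):
    """Check an SP-to-IdP logout redirect; assumes the HTTP-Redirect binding."""
    qs = parse_qs(urlsplit(url).query)
    root = parse_saml(zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15))
    # With this binding the signature travels in the query string, not in the XML.
    return {"type": root.tag.split("}")[1], "signed": "Signature" in qs and "SigAlg" in qs}

def sample_response(in_response_to=None):  # constructed sample, not real traffic
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0" Destination="{SP_URL}"{attr}/>'
    return base64.b64encode(xml.encode()).decode()

def sample_logout_url(signed):  # constructed sample; idp.example.com is a placeholder
    xml = f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" ID="_l1" Version="2.0"/>'
    c = zlib.compressobj(wbits=-15)
    q = {"SAMLRequest": base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()}
    if signed:  # dummy signature value; presence is checked, the value is not verified
        q.update(SigAlg="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", Signature="ZHVtbXk=")
    return "https://idp.example.com/slo?" + urlencode(q)
```

A logout redirect reported as unsigned points back to Step 1 of the SLO configuration; the check only confirms that a signature is present, it does not validate it.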
@kent-au It's a simple and straightforward document which will help us like anything for easy integration of Okta with FNMS.
It will be great if we can have such a detailed configuration article or documentation about IBM Cognos configuration with Okta.
Regards,
junaid vengadan
@emtmeta - The authentication to Cognos is built into FlexNet Manager as part of the installation. Authentication to Cognos is directly from FlexNet Manager. In other words, you cannot log directly into Cognos outside of FlexNet. Therefore, integration with OKTA is not needed for Cognos.
You must first log into FlexNet Manager using OKTA, and once you are logged into Cognos, your security roles within FlexNet Manager indicate if you can connect/log into Cognos.
@kclausen, thanks a lot for your feedback.
Just to clarify, I can see there is some configuration for Cognos SSO mentioned in the System reference document. Please refer to point number 6 in the following page.
I'm confused in choosing the actual approach as I'm getting an error when following the above method.
Regards,
Junaid Vengadan
@emtmeta - Thank you for the update and happy to hear that you got the SSO working for Cognos Analytics.