Hello all,
I just finished setting up Okta SSO for our new Flexera One instance. I'm curious if there is a difference in Flexera One for adding internal, company users versus external, contractor users. We have Okta SSO set up, which is connected to AD groups that allow the Flexera One Login "tile" to appear in our internal users' Okta home page.
Previously, in FNMS, I would set up external users via a separate webpage. Internal users could access via Okta, when added to the AD group. Once they attempted to connect the first time, I would see their ID in the Users list and grant them the access they needed.
I'm having a very hard time understanding Flexera One with granting access. Does it work the same way? Should I only be "sending invitations" to external users? I invited one internal user, but he couldn't connect, I'm assuming, because he is part of the domain that we claimed for the SSO setup.
I'd appreciate any insight or thoughts about how to set up our users. Thanks!
Matt
Jul 15, 2021 10:52 AM
For the external users that do not have access to your Identity Provider to log in via SSO, you will need to invite them to your org (https://docs.flexera.com/flexera/EN/Administration/addingusers.htm) and they will log in via username/password.
For the internal users, you can invite them to the org and after accepting the invite they can log in via username/password or SSO. If you enable JIT (https://docs.flexera.com/flexera/EN/Administration/JITProvisioning.htm), then users can be added to the org when they first try to SSO into the system instead of being invited. If you enforce SSO, then you will lose the ability to invite users to the org and all users will need to use SSO (https://docs.flexera.com/flexera/EN/Administration/EnforceSSO.htm).
Jul 20, 2021 08:59 AM
Jul 20, 2021 09:41 AM
This documentation only applies to Flexera One. For On-Premise FNMS, please refer to the following Knowledge Base article for more information on SSO: https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Ultimate-SSO-SAML-configuration-guide-in-FlexNet-Manager-Suite/ta-p/157608
Jul 20, 2021 11:39 AM
Thanks @tjohnson1
Apparently the "firstName and lastName" user attributes related to JIT were not being sent through. Once our admin enabled those, my internal user was able to access Flexera One without being sent an invitation. 😁
Thanks again!
Jul 21, 2021 10:34 AM
Hello @matt_jones
Jul 21, 2021 08:41 AM