This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 18th, click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Adding internal, company users versus external, contractor users...

Jump to solution
matt_jones
By
Level 4

Hello all,

I just finished setting up Okta SSO for our new Flexera One instance.  I'm curious if there is a difference in Flexera One for adding internal, company users versus external, contractor users.  We have Okta SSO setup which are connected to AD groups that allow the Flexera One Login "tile" to appear in our internal users Okta home page.

Previous FNMS, I would setup external users via a separate webpage.  Internal users could access via Okta, when added to the AD group.  Once they attempted to connect the first time, I would see their ID in the Users list and grant them the access they needed.

I'm having a very hard time understanding Flexera One with granting access.  Does it work the same way?  Should I only be "sending invitations" to external users?  I invited one internal user, but he couldn't connect, I'm assuming, because he is part of the domain that we claimed for the SSO setup.

I'd appreciate any insight, thoughts about how to setup our users.  Thanks!

Matt

‎Jul 15, 2021 10:52 AM

Labels
0 Kudos
(1) Solution

Jump to solution
tjohnson1
By Technical Writer
Technical Writer

For the external users that do not have access to your Identity Provider to login via SSO, you will need to invite them to your org (https://docs.flexera.com/flexera/EN/Administration/addingusers.htm) and they will log in via username/password.

For the internal users, you can invite them to the org and after accepting the invite they can log in via username/password or SSO. If you enable JIT (https://docs.flexera.com/flexera/EN/Administration/JITProvisioning.htm), then users can be added to the org when they first try to SSO into the system instead of being invited. If you enforce SSO, then you will lose the ability to invite users to the org and all users will need to use SSO (https://docs.flexera.com/flexera/EN/Administration/EnforceSSO.htm).

View solution in original post

‎Jul 20, 2021 08:59 AM

(5) Replies

Jump to solution
tjohnson1
By Technical Writer
Technical Writer

For the external users that do not have access to your Identity Provider to login via SSO, you will need to invite them to your org (https://docs.flexera.com/flexera/EN/Administration/addingusers.htm) and they will log in via username/password.

For the internal users, you can invite them to the org and after accepting the invite they can log in via username/password or SSO. If you enable JIT (https://docs.flexera.com/flexera/EN/Administration/JITProvisioning.htm), then users can be added to the org when they first try to SSO into the system instead of being invited. If you enforce SSO, then you will lose the ability to invite users to the org and all users will need to use SSO (https://docs.flexera.com/flexera/EN/Administration/EnforceSSO.htm).

‎Jul 20, 2021 08:59 AM

Jump to solution
durgeshsingh
By
Level 10
In response to tjohnson1
can we do it in onprem version as well. if Yes, can you share step.

‎Jul 20, 2021 09:41 AM

0 Kudos

Jump to solution
tjohnson1
By Technical Writer
Technical Writer
In response to durgeshsingh

This documentation only applies to Flexera One. For On-Premise FNMS, please refer to the following Knowledge Base article for more information on SSO: https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Ultimate-SSO-SAML-configuration-guide-in-FlexNet-Manager-Suite/ta-p/157608

‎Jul 20, 2021 11:39 AM

0 Kudos

Jump to solution
matt_jones
By
Level 4
In response to tjohnson1

Thanks @tjohnson1 

Apparently the "firstName and lastName" user attributes related to JIT were not being sent through.  Once our admin enabled those, my internal user was able to access Flexera One without being sent an invitation.  😁

Thanks again!

‎Jul 21, 2021 10:34 AM

0 Kudos

Jump to solution
ubhatt
By
Flexera Alumni

Hello @matt_jones 

 

  • External users: Your understanding is correct. Anyone with your organization id (email) can use the SSO you have set up. If the external users have an account in your AD then they can use SSO to sign in. If no account in your AD then you can invite them and these users will be using a username/password to sign in. Keep in mind though, this works only if you have not turned on mandatory SSO. If you enforced SSO then the username/password will not work. 
  • Flexera One vs. Flexnet manager user: There is no separate page in Flexera One for external users. 
ub

‎Jul 21, 2021 08:41 AM