matt_jones
Level 4

Adding internal, company users versus external, contractor users...

Jump to solution

Hello all,

I just finished setting up Okta SSO for our new Flexera One instance.  I'm curious if there is a difference in Flexera One for adding internal, company users versus external, contractor users.  We have Okta SSO setup which are connected to AD groups that allow the Flexera One Login "tile" to appear in our internal users Okta home page.

Previous FNMS, I would setup external users via a separate webpage.  Internal users could access via Okta, when added to the AD group.  Once they attempted to connect the first time, I would see their ID in the Users list and grant them the access they needed.

I'm having a very hard time understanding Flexera One with granting access.  Does it work the same way?  Should I only be "sending invitations" to external users?  I invited one internal user, but he couldn't connect, I'm assuming, because he is part of the domain that we claimed for the SSO setup.

I'd appreciate any insight, thoughts about how to setup our users.  Thanks!

Matt

Labels (1)
0 Kudos
1 Solution
tjohnson1
Flexera
Flexera

For the external users that do not have access to your Identity Provider to login via SSO, you will need to invite them to your org (https://docs.flexera.com/flexera/EN/Administration/addingusers.htm) and they will log in via username/password.

For the internal users, you can invite them to the org and after accepting the invite they can log in via username/password or SSO. If you enable JIT (https://docs.flexera.com/flexera/EN/Administration/JITProvisioning.htm), then users can be added to the org when they first try to SSO into the system instead of being invited. If you enforce SSO, then you will lose the ability to invite users to the org and all users will need to use SSO (https://docs.flexera.com/flexera/EN/Administration/EnforceSSO.htm).

View solution in original post

5 Replies
tjohnson1
Flexera
Flexera

For the external users that do not have access to your Identity Provider to login via SSO, you will need to invite them to your org (https://docs.flexera.com/flexera/EN/Administration/addingusers.htm) and they will log in via username/password.

For the internal users, you can invite them to the org and after accepting the invite they can log in via username/password or SSO. If you enable JIT (https://docs.flexera.com/flexera/EN/Administration/JITProvisioning.htm), then users can be added to the org when they first try to SSO into the system instead of being invited. If you enforce SSO, then you will lose the ability to invite users to the org and all users will need to use SSO (https://docs.flexera.com/flexera/EN/Administration/EnforceSSO.htm).

View solution in original post

can we do it in onprem version as well. if Yes, can you share step.
0 Kudos

This documentation only applies to Flexera One. For On-Premise FNMS, please refer to the following Knowledge Base article for more information on SSO: https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Ultimate-SSO-SAML-configuration-guid...

0 Kudos

Thanks @tjohnson1 

Apparently the "firstName and lastName" user attributes related to JIT were not being sent through.  Once our admin enabled those, my internal user was able to access Flexera One without being sent an invitation.  😁

Thanks again!

0 Kudos
ubhatt
Flexera
Flexera

Hello @matt_jones 

 

  • External users: Your understanding is correct. Anyone with your organization id (email) can use the SSO you have set up. If the external users have an account in your AD then they can use SSO to sign in. If no account in your AD then you can invite them and these users will be using a username/password to sign in. Keep in mind though, this works only if you have not turned on mandatory SSO. If you enforced SSO then the username/password will not work. 
  • Flexera One vs. Flexnet manager user: There is no separate page in Flexera One for external users. 
ub