Hi Team, we are in the process of integrating Azure SSO with Flexera One ITAM. Please help with the steps to be followed by the Azure admin and the Flexera admin, and with any kind of documentation apart from the references which we have at Flexera's published URLs like https://docs.flexera.com and https://docs.flexera.com/flexera/EN/Administration/AzureADSSO.htm.
There is a reference link in Azure tutorials suggesting how integration can be done https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/flexera-one-tutorial and there is a query on this.
As per the tutorial steps mentioned below, how do we get the 'ID'? Does it mean the identity provider or the organisation ID? Do we have to contact Flexera support as suggested in the snapshot?
How are the Azure AD groups created for this integration to provide permissions to the users who are going to authenticate, and how are the roles going to be assigned once the integration is done? Are the users who are using SSO authentication going to land on the Dashboard page?
What additional tasks need to be done at the Flexera end to enable the users with the required access? We are asking this question as we don't have AD integrated in our solution.
Appreciate your thoughts and suggestions.
‎Aug 08, 2022 12:25 AM - last edited on ‎Aug 08, 2022 12:46 AM by ChrisG
@winvarma wrote:
As per the tutorial steps mentioned below, how do we get the 'ID'? Does it mean the identity provider or the organisation ID? Do we have to contact Flexera support as suggested in the snapshot?
If I'm following right, I think you are referring to step 4 under the heading "Configure Azure AD SSO" on the Microsoft tutorial page.
See the information under the heading "Step 5: Setting Up Azure AD SSO with SAML 2.0" in the Flexera One documentation for where to get the relevant values to put into these fields in the Azure AD single sign-on configuration.
@winvarma wrote:
How are the Azure AD groups created for this integration to provide permissions to the users who are going to authenticate, and how are the roles going to be assigned once the integration is done?
AD groups would be created according to whatever process the organization normally uses to create AD groups. Flexera One does not place any particular requirements on how groups are created.
To give a group (or user) access to Flexera One, see the steps under the heading "Step 6: Testing the Azure AD SSO > Assigning a User or Group to Test the Azure AD SSO" on the Flexera One documentation page.
See the following page for guidance on how to apply roles for groups: Creating and Managing User Groups.
@winvarma wrote:
Are the users who are using SSO Authentication going to land on the Dashboard page?
Users normally land on the Flexera One "Getting Started" home page after signing in.
‎Aug 08, 2022 12:58 AM
Hi @ChrisG, thanks for the swift response.
Please clarify how to get the below values populated. Is it from Azure once the application is onboarded? In our case the Azure team is asking us to provide the values in the steps 3 and 4 URLs (<someChars>).
1. On Azure’s Setup Single Sign-On with SAML screen, click the pencil icon to edit the Basic SAML Configuration.
2. In the Identifier (Entity ID) field, copy and paste Flexera One’s Service Provider Entity ID. The information to be copied is generated in step 4 of Step 4: Setting Up an Identity Provider in Flexera One.
3. In the Reply URL (Assertion Consumer Service URL) field, copy and paste Flexera One’s Assertion Consumer Service (ACS) URL. For example: https://secure.flexera.com/sso/saml2/<someChars>
4. In the Sign on URL field, copy and paste Flexera One’s Assertion Consumer Service (ACS) URL. For example: https://secure.flexera.com/sso/saml2/<someChars>
5. Click Save.
‎Aug 08, 2022 01:16 AM - edited ‎Aug 08, 2022 01:18 AM
The fields that you are referring to there are available from the "General" tab when you select the Administration > Identity Providers menu option in Flexera One:
‎Aug 08, 2022 01:46 AM
Hi @ChrisG,
We are yet to get the SAML IDP's application signature certificate from the SSO admin.
So as per your inputs, the details will be populated once the Flexera application is first onboarded and once they share the signature certificate.
‎Aug 08, 2022 03:31 AM
Hi @ChrisG, please help if my understanding is correct as mentioned above.
‎Aug 09, 2022 12:20 AM
If I'm following right, I think you are saying that steps 3 and 4 to set up the certificate and other details in Flexera One need to be done before step 5 where you get the values to configure in Azure AD SSO. That is correct: the steps should be done in the order documented.
‎Aug 09, 2022 12:29 AM
Hi @ChrisG, we are trying to do the SSO integration, and when we browse the IDP SAML signature certificate it's showing invalid certificate. Any suggestions?
‎Aug 16, 2022 10:47 AM
I don't know exactly what you're looking at here, but it sounds a little different from the core questions that were raised at the start of this thread. To keep each forum thread focused on a single topic/question, maybe start a new thread including a screenshot illustrating what you're trying to do and the error you're seeing.
‎Aug 16, 2022 11:22 PM
Hi All, thanks for the response and guidance. Finally we are done with the SSO and Flexera One integration with the help of support. Anyone trying to do SSO integration should reach out to Flexera support to get a few details required to be populated while adding a new identity provider. In our case the initial details were populated by Flexera support, later the fields related to the SSO URLs were provided by internal teams, and then the domains were validated.
| Property | Value |
| --- | --- |
| Identity Provider Name | Your name for identifying the identity provider |
| Assertion consumer service (ACS) URL | Contact Flexera Support for this URL |
| Service provider entity ID | Contact Flexera Support for this URL |
| Issuer URI | Values will be populated once the application gets created in Azure and will be unique to the identity provider |
| Issuer URL (aka: Identifier Entity ID/Audience URI SP Identity ID) | Values will be populated once the application gets created in Azure and will be unique to the identity provider |
| Discovery Hint | Unique values to help users navigate more quickly to your organisation’s federated identity provider sign-in page |
| Signature Certificate | Values will be populated once the application gets created in Azure and the application SAML certificate is imported into the identity provider created in the Flexera One SSO integration |
| Request Binding | HTTP-POST |
Posting the update, which might help other folks in the community.
Regards,
‎Sep 19, 2022 09:18 AM