This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Flexera IAM Management via API

jcolemn3
By
Level 3

I have been tasked by my organization to integrate Flexera One with an Identity Access Management system. I've been looking through the developer.flexera.com website and can't seem to find an api that can add a user to flexera one. I only see the ability for an administrator to invite a user manually. Blue sky scenario would be IAM system creates a user in Flexera One with requested permissions without human interaction and the same for removing access. Does this exist? If not, what workaround has been used for this kind of use-case?

‎Feb 02, 2024 07:21 PM

Labels
0 Kudos
(5) Replies

tjohnson1
By Technical Writer
Technical Writer
You would have the user log in via SSO and configure the Identity Provider for Just-In-Time Provisioning and Group Sync: https://docs.flexera.com/flexera/EN/Administration/JITProvisioningGroupSync.htm

‎Feb 02, 2024 08:50 PM

0 Kudos

jcolemn3
By
Level 3
In response to tjohnson1

Thanks for the reply. My Org currently disallows groups in IDP SAML response because of performance issues. Are there any other options available?

‎Feb 05, 2024 03:02 PM - edited ‎Feb 05, 2024 05:42 PM

0 Kudos

tjohnson1
By Technical Writer
Technical Writer
In response to jcolemn3

You can use the API to assign roles to a user after they exist: https://developer.flexera.com/docs/api/Identity%20and%20Access%20Management#/Access%20Rule/Access%20Rule%23grant

Please also vote and subscribe to the following idea to be able to interact with groups via the API: https://flexerasfdc.ideas.aha.io/ideas/FXONE-I-328 

‎Feb 06, 2024 08:56 AM

0 Kudos

jcolemn3
By
Level 3
In response to tjohnson1
@tjohnson1 wrote:

You can use the API to assign roles to a user after they existhttps://developer.flexera.com/docs/api/Identity%20and%20Access%20Management#/Access%20Rule/Access%20Rule%23grant

Thanks for the response. Will likely implement this with our IAM system. 

Highlighting the bolded above.
Is there any way to create a user without an invitation or a user explicitly adding the user via Flexera One > Administration > User Management? Trying to figure out ways to automate this without requiring a user interaction.

‎Feb 06, 2024 01:16 PM - edited ‎Feb 06, 2024 01:22 PM

0 Kudos

tjohnson1
By Technical Writer
Technical Writer
In response to jcolemn3

If you configure your IdP to include attributes named firstName and lastName then you can use Just-In-Time Provisioning to have the users created when they first log in: https://docs.flexera.com/flexera/EN/Administration/JITProvisioning.htm

You can also create the invite via the API and set skipEmailNotification to true so an email is not sent: https://community.flexera.com/t5/Flexera-One-Blog/Skip-the-email-going-out-when-the-user-is-invited-to-Flexera-One/ba-p/287017 

‎Feb 06, 2024 01:46 PM

Top Kudoed Authors
View all