Authentication Services

Select User Management > Authentication Services.

  • Estimated Time Required: 5-20 minutes
  • Skill Level: Intermediate
  • Prerequisites:

On the Authentication Services page, you can incorporate your organization's users and groups from the following authentication services into your FME Flow security configuration:

  • Windows Active Directory or other LDAP-based directory
  • Azure Active Directory
  • Security Assertion Markup Language (SAML) identity provider

When you incorporate user accounts from an authentication service, they can authenticate as Users with FME Flow using their authentication service credentials. Optionally, with a Windows Active Directory connection, single sign-on authentication can be enabled, in conjunction with SASL.

When you incorporate groups from an authentication service, they become Roles in FME Flow.

One convenient aspect of integrating with authentication services is the ability to use the same groups that exist on the authentication service and configure them as roles in FME Flow, assigning them permissions just as you would elsewhere. This is because FME Flow maintains authentication service relationships between users and groups. For example, consider authentication service User_1 who belongs to authentication service Group_1. If you import User_1 as a user in FME Flow, and import Group_1 as a role in FME Flow, User_1 is automatically a member of the role Group_1 in FME Flow.

Getting started with Authentication Services

Windows Active Directory, Other LDAP-based Directory, or Azure Active Directory:

  1. Create a connection to your authentication service.
  2. Using the connection, import Users and Groups from the authentication service into FME Flow.

SAML Identity Provider:

View or Edit Your Authentication Services Connections

The Authentication Services page displays basic information about your authentication services connections, including the connection name, the authentication service host name and port, and whether the connection is synchronized.

To view more information and edit the connection, click on it. The Editing page opens. The fields available to edit are the same as those for creating a connection or SAML Configuration.

Performing Other Tasks on Authentication Services Connections (Windows Active Directory, Other LDAP-based Directory, or Azure Active Directory)

Note: For information about working with SAML connections, see SAML Configuration.

  • To create a new connection, click New.
  • To remove one or more connections, check the corresponding box(es) and click Remove.
    Warning: You cannot remove an authentication services connection without first removing any users you imported from the connection. You are prompted to remove users associated with the connection, and to transfer ownership of any items owned by these users to other users.
  • To add users or roles from a connection, check the box beside the connection and click Browse Users or Browse Groups, respectively.
  • To synchronize a connection, check the box beside the connection and click Synchronize. This action synchronizes the following:
    • Relationships between users and groups. For example, consider User_1 who belongs to Group_1 in FME Flow because of a corresponding relationship in the authentication service. If that relationship is subsequently broken in the authentication service, the relationship between User_1 and Group_1 will break in FME Flow after the next synchronization interval. Likewise, if an authentication service user changes groups, that change will synchronize in FME Flow.
    • Name changes to user accounts on the directory server.
      Note: When synchronization occurs, FME Flow ensures any authentication services name change does not break the user's connection to FME Flow. However, FME Flow does not update the user's login name (Username) or display name (Full Name).
    Note: If synchronization is already enabled for the connection (indicated by a green checkmark), synchronization is already occurring at specified intervals.
