Ultimate SSO / SAML configuration guide in FlexNet Manager Suite

Title

Purpose of this article

This articles aims to provide a practical guide to configure SSO / SAML for your FlexNet Manager Suite On-premise system. If you are using our cloud offering prior to Flexera Identity and Access Management (IAM) integration, then the contents of this article will also be relevant for you.

How to configure Single Sign On (SSO)

Configuring SSO is a two step process as follows.

Step 1 - Identity Provider (IdP) configuration

To configure SSO for a specific IdP vendor, refer to sub-articles below:

Okta: refer to "Configuring SAML application in Okta" section within Okta configuration guide to enable SSO / SAML in FlexNet Manager Suite.
Other Identity Providers: no specific guide currently available; refer to Okta guide and apply similar configuration in your IdP.

Step 2 - Service Provider (SP) configuration

Refer to "Configuring SAML in WebUI" section within WebUI configuration guide to enable SSO / SAML in FlexNet Manager Suite.

THAT'S IT ABOUT CONFIGURING SSO.

If everything is configured correctly, both SP-initiated and IdP-initiated Single Sign On (SSO) should work as expected. If not, see the troubleshooting guide and list of common errors.

How to configure Single Logout (SLO)

Prerequisites:

This is an advanced configuration and typically not required by many organizations. You will need to acquire a public/private key pair used for signing requests from FlexNet Manager Suite (SP) to the Identity Provider (IdP).
Single Logout (SLO) is currently only supported in FlexNet Manager Suite On-premise offering.
Your IdP has to support Single Logout (SLO).

Configuring SLO is yet another two step process as follows.

Step 1 - Service Provider (SP) configuration

Single Logout requires outgoing requests from SP to IdP to be signed. Refer to "Configuring outgoing requests from SP to the IdP to be signed" section within WebUI configuration guide to enable SSO / SAML in FlexNet Manager Suite to complete this step.

Step 2 - Identity Provider (IdP) configuration

To configure SLO for a specific IdP vendor, refer to sub-articles below:

Okta: refer to "Enabling Single Logout in Okta" section within Okta configuration guide to enable SSO / SAML in FlexNet Manager Suite.
Other Identity Providers: no specific guide currently available; refer to Okta guide and apply similar configuration in your IdP.

THAT'S IT ABOUT CONFIGURING SLO.

If everything is configured correctly, both SP-initiated and IdP-initiated Single Logout (SLO) should work as expected. If not, see the troubleshooting guide and list of common errors.

Appendix

Key terminologies

SAML: Security Assertion Markup Language
Open standard for exchanging authentication and authorization data between Identity Provider and Service Provider through digitally signed SAML requests and responses. FlexNet Manager Suite supports SAML 2.0.
IdP: Identity Provider
A service that stores and verifies user identity. This will be the entity you are trusting to authenticate users to FlexNet Manager Suite.
SP: Service Provider
Your FlexNet Manager Suite system that will be receiving and accepting authentication from the IdP.
Single Sign On (SSO)
A process which allows your user to sign on once to your IdP, and in turn gain access to all applications within your organization.
Single Logout (SLO)
A process which allows your user to log out once from either the SP or the IdP, that will in turn logout the user from all applications. Whether you want SLO to be implemented will depend on your business use case. Many businesses chose not to implement this as they don't want logging out from the SP to trigger a global logout from the IdP and other applications within the organization. Note that SLO is supported in FlexNet Manager Suite On-premise as of today.
IdP-initiated SSO / SLO
This means that user starts a Single Sign On (SSO) or Single Logout (SLO) workflow from the IdP. For example if your user logs in to Okta and then select 'FlexNet Manager Suite' application, then this will be called IdP-initiated SSO.
SP-initiated SSO / SLO
This means that user starts a Single Sign On (SSO) or Single Logout (SLO) workflow from the SP. For example if your user hits https://myorganization.flexera.com and gets redirected to the IdP to complete to the sign on process, then this will be called SP-initiated SSO.
FlexNet Manager Suite URL / SP URL:
This is the URL your operators use to access FlexNet Manager Suite in their browser. For the purpose of this guide, we will assume this to be https://flexnet.myorganization.com/Suite. Anytime this URL is referenced, you will have to replace this with the actual application URL.

Was this helpful?

Support Hub

Product

FlexNet Manager Suite

Deployment type

On-premises

Visibility

Guest

URL Name

ultimate-sso-saml-configuration-guide-in-flexnet-manager-suite

Are you sure you want to cancel the case creation?

Case closed successfully

Action performed successfully

Upload Attachment

Maximum file size allowed is 3 MB.

File type not supported.

Supported file types:

Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to close this case

Get Hotline support

Products	Region	Phone Numbers
FlexNet Operations FlexNet Embedded FlexNet Publisher FlexNet Connect FlexNet Code Insight InstallAnywhere InstallShield	North America *	+1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America)
	Europe *	+44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe)
	Japan *	+81 3-4540-5335 (select option 2)
	Australia *	+61 3 9895 2177 +61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics) Compliance Intelligence	Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.