Authentication Services
Select User Management > Authentication Services.
- Estimated Time Required: 5-20 minutes
- Skill Level: Intermediate
- Prerequisites:
  - Domain Controller credentials are available.
On the Authentication Services page, you can incorporate your organization's users and groups from the following authentication services into your FME Flow security configuration:
- Windows Active Directory or other LDAP-based directory
- Azure Active Directory
- Security Assertion Markup Language (SAML) identity provider
When you incorporate user accounts from an authentication service, they can authenticate as Users with FME Flow using their authentication service credentials. Optionally, with a Windows Active Directory connection, single sign-on authentication can be enabled, in conjunction with SASL.
When you incorporate groups from an authentication service, they become Roles in FME Flow.
One convenient aspect of integrating with authentication services is the ability to use the same groups that exist on the authentication service and configure them as roles in FME Flow, assigning them permissions just as you would elsewhere. This is because FME Flow maintains authentication service relationships between users and groups. For example, consider authentication service User_1 who belongs to authentication service Group_1. If you import User_1 as a user in FME Flow, and import Group_1 as a role in FME Flow, User_1 is automatically a member of the role Group_1 in FME Flow.
Getting started with Authentication Services
Windows Active Directory, Other LDAP-based Directory, or Azure Active Directory:
- Create a connection to your authentication service.
- Using the connection, import Users and Groups from the authentication service into FME Flow.
SAML Identity Provider:
- Complete the requirements under SAML Configuration.
To view or edit your Authentication Service Connections
The Authentication Services page displays basic information about your authentication services connections, including the connection name, the authentication service host name and port, and whether the connection is synchronized.
To view more information and edit the connection, click on it. The Editing page opens. The fields available to edit are the same as those for creating a connection or SAML Configuration.
Performing Other Tasks on Authentication Services Connections (Windows Active Directory, Other LDAP-based Directory, or Azure Active Directory)
- To create a new connection, click New.
- To remove one or more connections, check the corresponding box(es) and click Remove.
- To add users or roles from a connection, check the box beside the connection and click Browse Users or Browse Groups, respectively.
- To synchronize a connection, check the box beside the connection and click Synchronize. This action synchronizes the following:
  - Relationships between users and groups. For example, consider User_1 who belongs to Group_1 in FME Flow because of a corresponding relationship in the authentication service. If that relationship is subsequently broken in the authentication service, the relationship between User_1 and Group_1 will break in FME Flow after the next synchronization interval. Likewise, if an authentication service user changes groups, that change will synchronize in FME Flow.
  - Name changes to user accounts on the directory server.
Note: When synchronization occurs, FME Flow ensures that a name change in the authentication service does not break the user's connection to FME Flow. However, FME Flow does not update the user's login name (Username) or display name (Full Name).