FME Version
Introduction
FME Flow 2022.0 and newer supports SAML 2.0 authentication as a login method. You can configure FME Flow to use a variety of Identity Providers (IdPs); the FME Flow documentation describes what FME Flow requires of the IdP. This article gives step-by-step configuration for using Okta as the Identity Provider. If you would like to use a different provider, see Configuring FME Flow for SAML Authentication for further step-by-step tutorials.
Requirements
Neither the URL of your FME Flow nor the URL you register with your Identity Provider (IdP) needs to be publicly accessible; the user's browser only needs to be able to reach both. FME Flow must, however, be configured for HTTPS, because the SAML response carrying the user's identity is posted back to FME Flow through the browser. Follow the documentation to Configure FME Flow for HTTPS before continuing.
Step-by-Step Instructions
Part 1: Identity Provider Configuration
1. Create App in Okta
a. In the Admin Console, go to Applications > Applications, and Click Create App Integration.
b. Select SAML 2.0 as the Sign-on method. Click Next.
c. On the “General Settings” section under the “Create SAML Integration” page, fill in the App name and other optional fields. Click Next.
d. In the “Configure SAML” section, set the following parameters:
Single Sign-On URL:
<FMEFlowWebURL>/fmesaml/login/saml2/sso/fmeserver
Audience URI (SP Entity ID):
<FMEFlowWebURL>/fmesaml/saml2/service-provider-metadata/fmeserver
Where <FMEFlowWebURL> is the base URL of your FME Flow: the https:// scheme plus the fully-qualified hostname (hostname and domain), and the port if it is not 443. Use exactly the same value in both fields. The Audience URI is compared by the IdP as an exact string, so a stray trailing slash or http:// instead of https:// will cause logins to fail.
e. Click Finish to submit configuration.
2. On the application page, open the “Sign on” tab, copy the Metadata URL and paste it into your web browser to open the metadata XML. Right-click and Save As an XML document; you will import this file into FME Flow in Part 2.
3. By default, users in your Okta tenancy may have access to all applications. If you have restricted application assignments, make sure the users or groups who should log in to FME Flow are assigned to the new app.
4. Ensure that Just-in-Time provisioning / Auto-Membership is enabled in Okta, as this is a required setting for user creation.
Part 2: FME Flow Configuration
1. Log on to FME Flow and Navigate to User Management → SAML Configuration.
2. Import the IdP metadata XML you saved in Part 1, or enter the IdP's signing certificate and endpoint values from it manually.
3. Select the default role users will receive when they log in to FME Flow for the first time. Choose the least-privileged role that lets them do their work; anyone who can authenticate to Okta and is assigned the app will receive it.
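Two places in this procedure are easy to get wrong and only show up as a failed login: the two SP values typed into Okta in Part 1 step d, and the IdP metadata file imported in Part 2 step 2. The following script is an added example, not code from Safe Software or Okta. It derives the two SP values from the FME Flow base URL, checks them against what was entered in Okta, and parses an IdP metadata file to confirm it contains a signing certificate and HTTPS sign-on endpoints before you import it. The FME Flow hostname and the metadata XML (including its certificate blob and entityID) are constructed for the example; only the two /fmesaml/... paths come from the article.

```python
"""Pre-import sanity checks for an FME Flow <-> Okta SAML setup (added example)."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def sp_urls(fme_flow_web_url):
    """Derive the Single Sign-On URL and Audience URI to enter in Okta from the
    FME Flow base URL (https scheme + host, optional port). Trailing slashes are
    dropped so the two values are canonical; non-HTTPS input is rejected."""
    parsed = urlparse(fme_flow_web_url.strip())
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("FME Flow must be reached over https://host[:port]")
    base = f"https://{parsed.netloc}" + parsed.path.rstrip("/")
    return {
        "sso_url": f"{base}/fmesaml/login/saml2/sso/fmeserver",
        "audience": f"{base}/fmesaml/saml2/service-provider-metadata/fmeserver",
    }


def check_sp_values(fme_flow_web_url, okta_sso_url, okta_audience):
    """Compare the values typed into the Okta app with the derived ones.
    Returns a list of mismatch descriptions; empty means they agree exactly."""
    expected = sp_urls(fme_flow_web_url)
    problems = []
    if okta_sso_url.strip() != expected["sso_url"]:
        problems.append(f"Single Sign-On URL should be {expected['sso_url']}")
    if okta_audience.strip() != expected["audience"]:
        problems.append(f"Audience URI should be {expected['audience']}")
    return problems


def parse_idp_metadata(xml_text):
    """Extract entityID, SSO endpoints (by binding) and SHA-256 fingerprints of
    the signing certificates from an IdP EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    endpoints = {s.get("Binding"): s.get("Location")
                 for s in idp.findall("md:SingleSignOnService", NS)}
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # no 'use' means both
            continue
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            der = base64.b64decode("".join(cert.text.split()))  # strip line wraps
            fingerprints.append(hashlib.sha256(der).hexdigest())
    return {"entity_id": root.get("entityID"), "sso": endpoints,
            "signing_sha256": fingerprints}


def check_idp_metadata(meta):
    """Findings worth resolving before importing the file into FME Flow."""
    findings = []
    if not meta["signing_sha256"]:
        findings.append("no signing certificate: SAML responses cannot be verified")
    if not (meta["sso"].get(POST) or meta["sso"].get(REDIRECT)):
        findings.append("no HTTP-POST or HTTP-Redirect SingleSignOnService")
    for binding, loc in meta["sso"].items():
        if urlparse(loc).scheme != "https":
            findings.append(f"{binding} endpoint is not https: {loc}")
    return findings


# Constructed sample in the shape of an Okta IdP metadata file. The certificate
# blob is NOT a real DER certificate; it is just valid base64 for the parser.
FAKE_CERT_B64 = base64.b64encode(b"constructed sample, not a real certificate").decode()
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
        <ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="{POST}" Location="https://example.okta.com/app/exkEXAMPLE/sso/saml"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://example.okta.com/app/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(sp_urls("https://fmeflow.example.com"))
    # Deliberate http:// typo in the SSO URL: reported as a mismatch.
    print(check_sp_values("https://fmeflow.example.com",
                          "http://fmeflow.example.com/fmesaml/login/saml2/sso/fmeserver",
                          "https://fmeflow.example.com/fmesaml/saml2/service-provider-metadata/fmeserver"))
    meta = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print(meta["entity_id"], meta["signing_sha256"], check_idp_metadata(meta))
```

Run it against the metadata file you saved in Part 1 by passing the file's contents to parse_idp_metadata. The printed certificate fingerprint can be compared with the one Okta shows on the Sign On tab, so you know the file was not altered between download and import.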
Part 3: Test your Configuration
1. Log out of FME Flow; the login page should now offer Log In With SAML. Select it and you should be redirected to the Okta sign-in page. Enter your credentials; if the configuration is correct, you are redirected back to the FME Flow home page.
2. Confirm that the user can log in and that the role and user information is as expected.