Configuring FME Flow for Azure AD SAML Authentication

Richard Mosley

Introduction

FME Flow 2022.0+ supports SAML authentication as a login method. You can configure FME Flow to use a variety of Identity Providers, and our documentation describes what FME Flow requires. This article offers a step-by-step configuration for using Azure AD as the Identity Provider. If you would like to use a different provider, please see Configuring FME Flow for SAML Authentication for more step-by-step tutorials. FME Flow also supports non-SAML Azure AD authentication if that is preferred.

 

Requirements

The URL of your FME Flow and the one you set up with your Identity Provider (IdP) do not need to be publicly accessible. However, FME Flow SSL configuration is required. Please follow the documentation to Configure FME Flow for HTTPS.

 

Step-by-step Instructions

Part 1: Identity Provider Configuration

1. Create an App in Azure AD 

In Microsoft Azure, create a new app. Choose Enterprise application in the left-hand navigation, then choose New Application → Create your own application.

Select  “Integrate any other application you don't find in the gallery (Non-gallery)”

2. Enable Single Sign On

Under the App navigation, click on Single Sign-On and choose SAML.

3. Set Up Basic SAML

Under Basic SAML Configuration, set the following parameters:
Entity ID (Audience URI): 

https://<FMEFlowWebURL>/fmesaml/saml2/service-provider-metadata/fmeserver


Reply URL (Assertion Consumer Service URL):

https://<FMEFlowWebURL>/fmesaml/login/saml2/sso/fmeserver

Where <FMEFlowWebURL> is the fully-qualified hostname for your FME Flow, including both the hostname and domain.

 

4. Download the Federation Metadata XML

On the same page download the Federation Metadata XML.

By default, your users should have access to all applications in your tenancy. However, if you have restricted access, please make sure your users have access to the new app.

 

Part 2: FME Flow Configuration

1. Open FME Flow

Open and log into FME Flow. Navigate to User Management → SAML Configuration.

 

2. Import SAML 

Import your IdP Metadata or provide the certificate and values.

Select the default user role you wish users to have when they log into FME Flow.

 

Part 3: Test your Configuration

1. Log Out of FME Flow

Log out of FME Flow. You should now have the option to Log In With SAML. Once it is selected, you should be prompted with the Azure AD sign-in page. Enter your credentials; if the configuration is correct, you should be redirected back to the FME Flow home page.

 

Confirm that the user can log in and that the role and user information is as expected.

 
