Prerequisite
Single sign-on (SSO) is only supported by the OMX framework.
API Users Overview
All API users will be stored in Fluent IdP and cannot be stored in Corporate IdP as it’s not an individual user and has a separate machine-to-machine authentication flow. API users can be created via API as per the current implementation. All details provided for API Users will be stored in the SSO vendor environment.
Note
Enabling Single Sign-On (SSO) with an External Identity Provider (IDP) introduces a restriction where only ADMIN and API users possess the authorization to acquire API tokens and perform API actions.
SSO/Ping Identity Environment
SSO will be enabled for each Fluent account, and the corresponding SSO Ping Identity environment will also be created. SSO enablement requests can be made via SRE or Success teams. You must provide details of the admin user managing the SSO vendor environment.
SSO vendor environment setup will be done by the SRE team, and the following changes will be introduced:
- The admin user is created and provided the required permissions.
- Authentication and password policies are set up. By default, the password policy is not configured strictly and has everything disabled. It all can be changed later.
- Fluent Branding is enabled.
- Fluent OMX applications are enabled.
- User and API authentication flows are added.
Once SSO Environment access is granted, all configurations can be introduced by the client's IT Team or an Administrator directly in the SSO environment.
SSO Environment Admin Users
SSO Environment Admin Users
Admin users will have the following permission in the SSO vendor environment:
- Add integrations to Corporate IdP via SAML and Open ID Connect.
- Enable or Disable Fluent Users.
- Enable MFA
- Change Password Policies
- Change Environment Branding.
Note:
All Fluent Users need to be created in the Fluent application independently from what IdP type you select. There are no changes introduced to the way users are currently created, either APIs or Admin section in Fluent Console (Fluent OMS) can be used.
If you need to create an additional SSO vendor environment admin, follow the next guides:
Fluent Identity Provider (IdP) Configuration
Fluent Identity Provider (IdP) Configuration
Fluent Identity Provider (IdP) implementation will depend on how many features you want to include. If no features are required, then there is no implementation to consider. Users will be migrated to Fluent IdP and will continue to access Fluent with current credentials.
As part of Fluent IdP implementation, you will be able to benefit from strong password policies, MFA configurations, and being able to enable and disable users from Fluent IdP. All configurations will be done in the SSO vendor environment.
Users will be stored in the SSO vendor environment and in the Fluent system. Continue to create users using the currently available methods like API and Admin section in Console (OMS) app.
Fluent users cannot be created in the SSO vendor environment, however, they can be managed from there. Next user management features are available:
Password Policy Configuration
Password Policy Configuration
Passwords policies are applicable for both IdP types: Corporate IdP and Fluent IdP.
- For Corporate IdP cases, password policies will be used only for API users
- For Fluent IdP they will be applied to all users.
Note:
Default password policy has every item disabled to make sure that login will flow will work as expected after user migration for Fluent IdP users. If the password policy is changed, then users will require to change the password on their first login.
Password policies are configured once per the SSO vendor environment.
Refer the following links to learn more about password policies:
Login Page Branding
Login Page Branding
SSO vendor environment support branding for a login page. This is only applicable to users with Fluent IdP. Corporate IdP users will be redirected to their own login page during authentication.
By default Fluent branding is provided but can be changed.
Branding and themes
Editing environment branding
Guides