Single sign-on (SSO)


Introduction

Note:

This feature needs to be unlocked for your account. If you are interested, please contact support@frisbii.com.

Single sign-on (SSO) is an authentication method that allows you to authorize once and use multiple applications without having to authorize again.

To use the single sign-on method in Frisbii Transform, you have to connect an identity provider, e.g., an active directory, with Frisbii Transform. Frisbii Transform supports the OpenID Connect protocol and Azure Active Directory.

Frisbii Transform distinguishes between internal users and external users. Internal users are created and managed in Frisbii Transform. External users are provided and managed by the connected identity provider.

As soon as an external user logs into Frisbii Transform for the first time, the user is created in Frisbii Transform. When the user data in the identity provider are updated, Frisbii Transform will update the user data of the external user. You can also invite external users. The user will then be pre-created.

Note:

  • External Id and email address cannot be edited in Frisbii Transform.

  • Users of the identity provider cannot be edited in Frisbii Transform.

  • When the roles and users are provided by Azure Active Directory, the external user is read-only.

  • When the roles of the users provided by Azure Active Directory are managed in Frisbii Transform, only the roles are editable.

  • When the roles are provided by OpenID Connect, the roles are not visible.

  • When the roles of the users provided by OpenID Connect are managed in Frisbii Transform, only the roles are editable.

  • Single sign-off out of Frisbii Transform is not possible.

Figure (sso.png): single sign-on flow

  1. User calls Frisbii Transform

  2. Request is sent to user's browser

  3. Access is requested from the identity provider

  4. User logs in if necessary

  5. Token is sent to user's browser

  6. Token with the user's identity is sent to Frisbii Transform's endpoint

  7. Request is received by Frisbii Transform and user is validated

  8. Access is granted

Inviting external user

  1. To get to the User Accounts, click on your email address > Account in the top right corner.

  2. In the ACCOUNT section, click User Accounts.

  3. Click the Invite User button.

  4. Select External User in the User Type drop-down list.

  5. Fill in the required fields.

  6. Select the roles.

    Note:

    If the External Role Assignments Strategy in the settings is set to RolePerLegalEntity or OneRoleForAllLegalEntities, it is not possible to select roles. The roles provided by the identity provider are assigned.

  7. Click Save.