Using Single Sign-On in ABBYY FlexiCapture
SSO authentication is only supported for web stations. When starting up a station, users need to authenticate. Besides authenticating with their ABBYY FlexiCapture user name and password, users can also be authenticated through an external identity provider (e.g. Azure Active Directory integrated with your corporate Active Directory).
Here's what happens when a user is authenticated through an external identity provider.
- The user clicks the Log in with [external server name] button.
- ABBYY FlexiCapture generates an AuthnRequest message, puts it into the SAMLRequest parameter of a URL GET request, and sends the request to the identity provider. Encrypted SAML SSO connections are not supported.
- The identity provider authenticates the user.
- If the authentication is successful, the identity provider generates an assertion message, puts it into the SAMLResponse parameter of the request, and sends the request back to ABBYY FlexiCapture.
- The request containing the assertion message is sent to the ABBYY FlexiCapture Application Server in order to determine whether the specified user has the necessary permissions to log in to the specified station.
- The Application Server verifies the assertion message using a public certificate obtained from the identity provider and then authorizes the user.
- The Application Server performs the required operations and issues an internal authentication ticket.
- The user is granted access to the appropriate web station with the issued authentication ticket.
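
The following Python example is added here and is not ABBYY code. It shows what the SAMLRequest parameter carries and runs two presence checks on a SAMLResponse that follow from the steps above. It assumes the standard SAML 2.0 HTTP-Redirect encoding (raw DEFLATE, then Base64) for the GET request; the function names, hosts and sample message are constructed for illustration.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def decode_saml(value):
    """Base64-decode a SAMLRequest/SAMLResponse value and parse it as XML."""
    raw = base64.b64decode(value)
    if not raw.lstrip().startswith(b"<"):
        raw = zlib.decompress(raw, -15)  # redirect (GET) binding: raw DEFLATE
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations rejected")
    return ET.fromstring(raw)

def build_redirect(idp_sso_url, authn_xml):
    """AuthnRequest step of the flow: XML -> SAMLRequest query parameter."""
    c = zlib.compressobj(wbits=-15)
    deflated = c.compress(authn_xml.encode()) + c.flush()
    return idp_sso_url + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})

def inspect_request(redirect_url):
    """Recover the fields an admin compares against the IdP application settings."""
    query = parse_qs(urlparse(redirect_url).query)
    root = decode_saml(query["SAMLRequest"][0])
    return {"issuer": root.findtext("saml:Issuer", namespaces=NS),
            "destination": root.get("Destination"),
            "acs_url": root.get("AssertionConsumerServiceURL")}

def response_problems(saml_response_b64):
    """Presence checks only; signature verification stays with the Application Server."""
    root = decode_saml(saml_response_b64)
    problems = []
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("encrypted assertion (not supported)")
    if (root.find("ds:Signature", NS) is None
            and root.find("saml:Assertion/ds:Signature", NS) is None):
        problems.append("no signature to verify")
    return problems

# Constructed sample; hosts and ID are placeholders, not from a real deployment.
AUTHN = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example1" '
         'Version="2.0" Destination="https://idp.example/sso" '
         'AssertionConsumerServiceURL="https://fc.example/acs">'
         '<saml:Issuer>https://fc.example/sp</saml:Issuer></samlp:AuthnRequest>')

if __name__ == "__main__":
    print(inspect_request(build_redirect("https://idp.example/sso", AUTHN)))
```

A non-empty result from `response_problems` points at an identity provider setting to correct, such as assertion encryption being switched on.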
Note: This feature has been tested using the following identity providers: Azure Active Directory, OneLogin, and Okta.
Note: Multiple identity providers can be used simultaneously. For example, different identity providers can be used for different tenants. New authentication methods will be used side by side with the existing methods, including those used by default.
For more information about SAML authentication, see Authentication using SAML 2.0 identity providers in ABBYY FlexiCapture 12.