Setting up Single Sign-On

To set up Single Sign-On authentication, do the following:

  1. Create an application in the identity provider.
    If several tenants are used, a separate application should be created for each.
  2. Enable the Single Sign-On authentication method in the identity provider.
  3. In the identity provider settings, specify the URL that will be used to send an assertion message back to ABBYY FlexiCapture if authentication is successful.
  4. Save the public certificate in Base64 format. Then save the URL that will be used by the application to access the external identity provider.
  5. Set up the required parameters in ABBYY FlexiCapture using a script. To do this:

    a. Download the script here or use the script code provided below.

       PowerShell script

    b. On the machine where ABBYY FlexiCapture Application Server is installed, open the Windows PowerShell console as an administrator.

    c. Specify the script name, the path to the script, and the following parameters:

      • the path to the Application Server
      • the path to the public certificate
      • the path to the image that will be used for the new button (images in *.svg, *.jpg, and *.png formats are supported)
      • the name of the tenant for which the parameters are being set up
      • the name of the external identity provider that will be contacted when the user clicks the Log in with… button
      • the URL that will be used to access the server of the external identity provider

Note: The script must be run by a user that has administrative permissions for ABBYY FlexiCapture.

Below is a sample command that runs the script:

C:\Temp\SetIdentityProvider.ps1 /url 'http://localhost' /cert C:\Temp\IdP_FC_integration.cer /picture 'C:\Temp\index.svg' /tenant 'TenantName' /name 'IdP Name' /reference 'https://login.microsoftonline.com/123e4567-e89b-12d3-a456-426655440000/saml2'

In this sample command:

    a. url is the path to the Application Server,
       for example, $url = 'http://localhost'.

    b. cert is the path to the public certificate,
       for example, $cert = 'C:\Temp\IdP_FC_integration.cer'.

    c. picture is the path to the image that will be used for the new button,
       for example, $picture = 'C:\Temp\index.svg'.

    d. tenant is the name of the tenant for which the parameters are being set up,
       for example, $tenant = 'TenantName'.
       Note: This parameter should only be specified if multiple tenants are used.

    e. name is the name of the external identity provider,
       for example, $name = 'IdP Name' (the text on the button will then say "Log in with IdP Name").

    f. reference is the URL for accessing the server of the external identity provider,
       for example, $reference = 'https://login.microsoftonline.com/123e4567-e89b-12d3-a456-426655440000/saml2'.

As a result, the following button will appear on the station's login page: Log in with [IdP Name].
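
Before running the sample command above, the certificate, image, and identity provider URL can be checked with a short pre-flight function. This is an added example, not part of the ABBYY script or documentation. The function name Test-SsoSetupInput is hypothetical, and the HTTPS requirement is an assumption based on the sample reference value.

```powershell
# Added example: Test-SsoSetupInput is a hypothetical helper, not part of the ABBYY script.
function Test-SsoSetupInput {
    param(
        [Parameter(Mandatory)] [string] $Cert,
        [Parameter(Mandatory)] [string] $Picture,
        [Parameter(Mandatory)] [string] $Reference
    )
    $problems = [System.Collections.Generic.List[string]]::new()
    $sha256 = $null; $notAfter = $null

    # Certificate: must be Base64 text (optionally with PEM header lines) that parses as X.509.
    if (-not (Test-Path -LiteralPath $Cert -PathType Leaf)) {
        $problems.Add("Certificate file not found: $Cert")
    } else {
        try {
            $text = [string](Get-Content -LiteralPath $Cert -Raw)
            $body = $text -replace '-----(BEGIN|END) CERTIFICATE-----', '' -replace '\s', ''
            $der  = [Convert]::FromBase64String($body)
            $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
            $notAfter = $x509.NotAfter
            $now = Get-Date
            if ($now -lt $x509.NotBefore -or $now -gt $x509.NotAfter) {
                $problems.Add("Certificate is outside its validity period (expires $notAfter)")
            }
            # Fingerprint to compare against the value shown in the identity provider's console.
            $hash = [System.Security.Cryptography.SHA256]::Create().ComputeHash($x509.RawData)
            $sha256 = [System.BitConverter]::ToString($hash) -replace '-', ''
        } catch {
            $problems.Add("Not a Base64-encoded X.509 certificate: $Cert")
        }
    }

    # Button image: the page lists *.svg, *.jpg and *.png as supported formats.
    $ext = [System.IO.Path]::GetExtension($Picture).ToLowerInvariant()
    if ($ext -notin '.svg', '.jpg', '.png') { $problems.Add("Unsupported image format: '$ext'") }
    if (-not (Test-Path -LiteralPath $Picture -PathType Leaf)) { $problems.Add("Image file not found: $Picture") }

    # Identity provider URL: absolute and HTTPS (assumption, matching the page's sample value).
    $uri = $null
    if (-not ([System.Uri]::TryCreate($Reference, [System.UriKind]::Absolute, [ref]$uri)) -or $uri.Scheme -ne 'https') {
        $problems.Add("Identity provider URL is not an absolute https:// URL: $Reference")
    }

    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems; CertSha256 = $sha256; CertNotAfter = $notAfter }
}

# Values taken from the sample command on this page.
Test-SsoSetupInput -Cert 'C:\Temp\IdP_FC_integration.cer' -Picture 'C:\Temp\index.svg' `
    -Reference 'https://login.microsoftonline.com/123e4567-e89b-12d3-a456-426655440000/saml2'
```

Compare the reported CertSha256 value with the fingerprint of the signing certificate shown by the identity provider before passing the file to the script.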

To be able to use ABBYY FlexiCapture, users should have appropriate permissions. For more information about accounts and permissions, see Managing user accounts and permissions.

11/10/2020 12:08:03 PM

