Setting up Single Sign-On
To set up Single Sign-On authentication, do the following:
- Create an application in the identity provider.
If several tenants are used, a separate application should be created for each.
- Enable the Single Sign-On authentication method in the identity provider.
- In the identity provider settings, specify the URL that will be used to send an assertion message back to ABBYY FlexiCapture if authentication is successful.
- Save the public certificate in Base64 format. Then save the URL that will be used by the application to access the external identity provider.
- Set up the required parameters in ABBYY FlexiCapture using Administration and Monitoring Console. To do this:
- Launch the Administration and Monitoring Console.
Important! Only the ABBYY FlexiCapture administrator can add and configure Single Sign-On on the default tenant. On other tenants, Single Sign-On can be configured by tenant administrators.
- Go to Settings -> Single Sign-On.
- Click Add Configuration.
- In the dialog box that opens, specify the required parameters:
- Name - the name of the external identity provider that will be contacted when the user clicks the Log in with [IdP Name] button.
- Reference - the URL that will be used to access the server of the external identity provider.
- Upload Image File - the path to the image that will be used for the new button (images in *.svg, *.jpg, and *.png formats are supported).
- Upload Certificate File - the path to the public certificate.
- Click OK. The new configuration will be added to the list. If required, you can change it by clicking Edit.
Note: You can specify multiple identity providers.
As a result, the following button will appear on the station's login page: Log in with [IdP Name].
To be able to use ABBYY FlexiCapture, users should have appropriate permissions. For more information about accounts and permissions, see Managing user accounts and permissions.