To set up Single Sign-On authentication, do the following:
- Create an application in the identity provider.
- Enable the Single Sign-On authentication method in the identity provider.
- In the application settings, specify the ACS URL (Assertion Consumer Service URL) that will be used to send the Identifier (Entity ID) and an assertion message back to ABBYY FlexiCapture Cloud if the authentication was successful. These values must contain identical URLs.
Note: The URLs should be specified in the following format: https://<cloud-host-name>/FlexiCapture12/Login/<TenantName>/AccessToken/Saml, where <cloud-host-name> is the host name of the SaaS URL of your processing location and <TenantName> is the name of your tenant in ABBYY FlexiCapture Cloud.
For example, a user in the john_doe tenant using a European FlexiCapture Cloud instance would use the following URL:
- Save the public key certificate in Base64 format and the login URL that will be used by the application to access the external identity provider.
- Provide the following information to cloud support or the account manager:
a. The URL of your FlexiCapture Cloud region and your tenant name
b. The public key certificate
c. The login URL
d. The image for the new Log in with… button (images in *.svg, *.jpg, and *.png formats are supported)
e. The name of the external identity for the Log in with… button
Once the setup has been completed by cloud support, an additional login button will appear on your login page: Log in with [IdP Name].
Granting permissions to new user accounts when using external identity providers
When a new user logs in to ABBYY FlexiCapture Cloud using an external identity provider/SSO, a new account will be created in ABBYY FlexiCapture without any permissions. The tenant administrator will need to grant the new account permissions or add it to the appropriate user groups. For more information about accounts and permissions, see #ERROR_INVALID_LINK_permissions#.
To delete or modify the external identity providers in your tenant, please contact technical support.