Harmony SSO¶
Overview¶
With single sign-on (SSO), a user can log in to the Harmony portal or Design Studio via a third-party identity provider.
Before enabling SSO for your organization, you should be aware of the following conditions and restrictions:
-
Administrator Conditions
An organization administrator is subject to the following conditions:
-
They must belong to one and only one Harmony organization.
-
They must be logged in to Harmony to enable SSO, and must have the organization selected in the Harmony portal header.
-
Their Harmony username and SSO account username must be the same, and it must be in email format.
-
The administrator that originally enabled SSO for the organization can install private agents using their Harmony credentials that were valid prior to enabling SSO.
-
-
User Conditions
Harmony users are subject to the following:
-
They can belong to either one SSO organization (and log in via the identity provider's portal), or multiple non-SSO organizations (and log in via the Harmony portal).
-
To be in both SSO and non-SSO organizations, a user must be added to the Bypass SSO list, and must use their Harmony credentials to log in.
-
Their Harmony username and SSO account username must be the same, and it must be in email format.
-
Users with Admin or Agent Install permission cannot install private agents in SSO organizations unless they are added to the Bypass SSO list, and they must use their Harmony credentials.
-
-
General Restrictions
When enabled, SSO has the following restrictions:
-
One and only one identity provider can be used; multiple providers are not supported.
-
Each identity provider can be configured to authenticate with either OAuth 2.0 or SAML 2.0, but not both.
-
SSO is not supported on the macOS version of Design Studio.
-
Supported standards and providers¶
Harmony supports the OAuth 2.0 and SAML 2.0 protocols. Jitterbit has verified support for the following identity provider/protocol combinations:
-
OAuth 2.0
- Autodesk
- BMC (proprietary to BMC customers only)
- Salesforce
-
SAML 2.0
No other OAuth 2.0 providers are currently supported. It may be possible to configure additional SAML 2.0 providers, but they are not supported or verified by Jitterbit.