Target Audience
Who is this aimed at? Practices that have their IT managed by an internal IT person, or an external service provider that has set up Active Directory and who has knowledge of the necessary Networking protocols.
Who isn’t in aimed at? A lot of smaller practice who don’t have their IT managed by an internal IT person, or an external service provider that presently and who do not wish to integrate Active Directory and a unified Sign-on across their Domains.
Why Use SSO?
- Better user experience – Users only need to sign in once.
- Enhanced security – SSO uses a single point of authentication and passwords are received and validated only by the identity provider.
- Streamlined administration – Admins only need to maintain one email/password combo for each user, and password policies applied to the network are also applied to Autodesk services.
SSO flow chart:
Some things to note:
SSO has to be rolled out across the entire organisation’s Domain in one hit.
SSO will change all Subscription software over to the SSO login method. It will not affect Multi-User licenses.
First Steps:
You’ll need a domain for your organization and an admin account established through an identity provider (a service that stores and verifies your users’ identities), with the ability to set up a SAML connection.
You’ll want to make sure that any internal or external IT are added into your Autodesk Account as a SSO Manager. Only SSO Manager and Primary Admin have access to the SSO Settings in the Autodesk Account.
Autodesk SSO uses the SAML 2.0 protocol works with the majority on Identity Providers Autodesk initiates the SSO on behalf of the customer.
Autodesk Software preparation:
Some Autodesk products may need to be updated in order from them to work with SSO. It is recommended that this update be run on all computers that have Autodesk installed – https://download.autodesk.com/us/support/files/autocad/adsso/adsso_2023_7_64-bit-update_installer.zip
Implementing SSO
Add Domains to your Autodesk Account.
Add Connections (to OKTA) for each Domain on each Active Directory. Limited to 25 Connections with 1000 users per Connection.
Domains can be added manually or by uploading a CSV file.
Verify the Domains by uploading HTML or DNS TXT records.
Adding Users:
Ensure data contain:
- First & Last Name.
- Username.
- Each user gets a Unique ID. It is recommended to create a objectGUID
Tasks in Autodesk Account Center:
- Remove old users.
- Invite Users
Testing SSO
It is recommended that you add test Users and test for around a week.
Turning on SSO
Setup SSO with your Identify Provider.
Ongoing Tasks:
Inside the Autodesk Account Center, there are a variety of Connection Management Tasks that can carried out that include:
- Editing a connection
- Deleting a connection
- Renewing your identity provider certificate
- Link and unlink domains
- New users access (Just in time)
- Turn off SSO.
Summary
With the introduction of SSO for standard subscriptions – you can now take advantage of the extra security and ease of use previously only available to premium members
You can get detailed Help for setting up Autodesk SSO from this link: https://help.autodesk.com/view/SSOGUIDE/ENU/?guid=SSOGUIDE_Okta_Guide_About_Single_Sign_on_SSO_html
