Managing Single sign-on users
Adding SSO users
After setting up single sign-on on the SSO Options tab of the Settings page, administrators can add single sign-on users.
For users that already have credentials, the administrator only needs to add a federation ID. The user’s email address cannot be changed because it is managed by the identity provider.
If a user attempts to sign in to the platform using SSO when they do not already have an account, an account is not automatically generated for them. An account administrator must first create their user account, add their user to an account, and then assign them user roles.
1. Select Settings > Account and click the User Management tab.
2. On the Users tab, click the '+' Add icon.
3. Enter the user's email address.
4. Enter the user's first and last names.
5. Enter the user's federation ID. Each user must have a federation ID that uniquely identifies the user within the account. You need this ID to configure the user in your identity provider.
6. Assign the Standard User role to the user. Do not assign the Administrator role, because that role grants standard (non-SSO) platform access as well as single sign-on access.
7. Click OK.
The user does not receive a welcome notification email containing a password that can be used to log into the Boomi Enterprise Platform account because this password is managed through the identity provider.
Enabling SSO for existing users
1. Select the user on the Users tab.
2. Click the pencil Edit icon.
   The Add/Maintain User Roles dialog opens. Note that the user's email address is not editable.
3. Add the user's federation ID. Each user must have a federation ID that uniquely identifies the user within the account. You will need this ID later when you configure the user in your identity provider.
4. Ensure that the user only has the Standard User role.
5. Click OK.
Unlocking SSO users
When users with SSO-only access make too many invalid sign-in attempts using API tokens, they are locked out of the Boomi Enterprise Platform and cannot use any services or make API calls. Because such SSO users do not have a user name and password to enter on the sign-in page, they cannot unlock themselves using the Reset your password link. Therefore, SSO users who can only sign in from an identity provider (IdP) cannot regain access to the platform until an administrator of their federating/restricting SSO-enabled account unlocks them on their behalf. The administrators of the SSO-enabled account receive an immediate email notification about the locked user and can use the following steps to reinstate the user's access.
If the SSO user enters their username and password on the sign-in page to access their account, sometimes they can unlock themselves using the Reset your password link on the sign-in page. The note in step 3 explains how the account administrator can determine whether the user must be unlocked from the User Management page, or whether the user can unlock themselves from the sign-in page. For detailed information about the various ways in which SSO users are unlocked, see the topic Single sign-on.
1. Select Settings > Account Access and click the User Management tab.
   The User Management page opens.
2. In the list of account user names, notice that each user has an icon next to their email address.
   As the Legend on the User Management page shows, a green checkmark icon indicates that the user is active and can successfully access the platform. A red exclamation icon indicates that the user is locked out of the platform.
3. Select the user name of a locked individual.
   The selection is highlighted in gray, and the Unlock User button turns from light gray to dark gray. This indicates that the selection is available for unlocking.
   Note: If a user shows a red icon next to their name but the lock button is unusable (its color remains light gray), the user can unlock themselves using the Reset your password link on the sign-in page and does not require the administrator's intervention.
4. Click the lock icon to Unlock User.
   A dialog box opens asking you to confirm the account unlock.
5. Click OK to proceed with the unlock, or Cancel to return to the User Management page without making changes.
Results
Clicking OK in the dialog produces a confirmation message that the user was successfully unlocked, and the user's platform access is immediately restored. The green checkmark icon appears next to the user name on the User Management page.