Access Considerations
To facilitate logging in to Flexxible tools, such as Portal, Analyzer, and Workspaces, authentication is delegated to existing Microsoft Entra ID (formerly Azure Active Directory) or Google accounts, which use OAuth2.
Depending on the organization's configuration and security policies, an administrator may need to authorize the use of Entra ID or Google accounts the first time they want to use them to access Flexxible tools.
User authentication
For the Flexxible SSO system to verify that the Microsoft Entra ID or Google account is valid and authorized to access its consoles, it needs an administrator to give the following consents:
- Microsoft Entra ID: a Flexxible Enterprise Application is used in your tenant (tenant).
- Google Admin: a Flexxible OAuth client id is used in your tenant (tenant).
This is one of the usual procedures when third-party applications delegate their log in to Entra ID or Google Admin. The tenant administrator can always see what data the application has access to, who has used the application, and revoke consent, preventing users from logging in again to any Flexxible console.
Enterprise Application Consent and Permissions in Entra ID
User access can be granted individually or in groups, although there is a way to simplify the process by having an administrator consent to the use of the Enterprise Application for your organization. This allows users in your organization to log in to the Flexxible ODIN consoles with their corporate credentials and automatically create the Enterprise Application in your Azure tenant. For this, the administrator only needs to try logging in to Portal for the first time, which will trigger the consent request:
If created manually, to provide authentication the Enterprise Application must have the following permissions:
| Permission | Caption |
|---|---|
| Directory.Read.All | Read directory data |
| View user email addresses | |
| offline_access | Maintain access to data you have given access to |
| openid | Log In |
| profile | View basic user profile |
| User.Read | Log in and read user profile |