Access Considerations
Login to Flexxible tools, such as Portal, Analyzer, and Workspaces, is delegated to existing Microsoft Entra ID (formerly Azure Active Directory) or Google accounts, using OAuth2.
Depending on the configuration and security policies of the organization, an administrator may need to authorize the use of the Entra ID or Google accounts the first time they wish to use them to access Flexxible tools.
User Authentication
For the Flexxible SSO system to verify that the Microsoft Entra ID or Google account is valid and authorized to access its consoles, an administrator must give the following consents:
- Microsoft Entra ID: a Flexxible Enterprise Application is used in your tenant.
- Google Admin: an OAuth client ID from Flexxible is used in your tenant.
This is one of the usual procedures when third-party applications delegate their login to Entra ID or Google Admin. The tenant administrator can see at any time what data the application has available and who has used the application, and can revoke consent, which will prevent users from logging in again to any Flexxible console.
Consent and Permissions of the Enterprise Application in Entra ID
User access can be granted individually or collectively. A simpler approach is for an administrator to give consent for the use of the Enterprise Application on behalf of your organization. This allows users in your organization to log in to Flexxible ODIN consoles with their corporate credentials, and automatically creates the Enterprise Application in your Azure tenant. To do this, the administrator only needs to attempt to log in to the Portal for the first time, which will trigger the consent request.
If the Enterprise Application is created manually, it must have the following permissions to provide authentication:
Permission | Description |
---|---|
Directory.Read.All | Read directory data |
View users' email addresses | |
offline_access | Maintain access to data you have given it access to |
openid | Sign in |
profile | View the basic profile of the users |
User.Read | Sign in and read user profile |
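
The following check is an added example, not Flexxible's own code: it compares the scopes actually granted to the Enterprise Application with the permissions listed in the table above and reports whether each grant is tenant-wide or per user. It assumes the permissions are delegated scopes exported from Microsoft Graph `oauth2PermissionGrants` as JSON, that the table row missing its permission name is the standard `email` scope, and it uses constructed sample data with placeholder object IDs.

```python
import json

# Permissions from the table above. "email" is an assumption: the row
# "View users' email addresses" has lost its permission name on the page.
DOCUMENTED_SCOPES = {"Directory.Read.All", "email", "offline_access",
                     "openid", "profile", "User.Read"}

# Constructed sample in the shape of a Graph oauth2PermissionGrants listing.
# All IDs are placeholders, not real object IDs.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"id": "grant-1", "clientId": "sp-flexxible-placeholder",
   "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "sp-graph-placeholder",
   "scope": "openid profile offline_access User.Read Directory.Read.All"},
  {"id": "grant-2", "clientId": "sp-flexxible-placeholder",
   "consentType": "Principal", "principalId": "user-0001",
   "resourceId": "sp-graph-placeholder",
   "scope": " openid  Mail.Read "}
]}
""")


def audit_grants(grants, client_id, documented=DOCUMENTED_SCOPES):
    """Return (per-grant findings, documented scopes never granted)."""
    findings, granted_all = [], set()
    for g in grants.get("value", []):
        if g.get("clientId") != client_id:
            continue  # grant belongs to another service principal
        scopes = (g.get("scope") or "").split()  # space-separated string
        granted_all.update(scopes)
        if g.get("consentType") == "AllPrincipals":
            consent = "tenant-wide"  # admin consent for the whole organization
        else:
            consent = "user " + str(g.get("principalId"))
        findings.append({
            "grant": g["id"],
            "consent": consent,
            # scopes beyond the documented list deserve a review
            "unexpected": sorted(s for s in scopes if s not in documented),
        })
    missing = sorted(s for s in documented if s not in granted_all)
    return findings, missing


if __name__ == "__main__":
    for row in audit_grants(SAMPLE_GRANTS, "sp-flexxible-placeholder")[0]:
        print(row)
```
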