Register and Log In with Harmony SSO¶
Members of a Harmony organization are managed by that organization's administrators (users who are assigned a role with Admin permissions). Once a user is invited to become a member of a Harmony organization, the registration and login process for that user depends on whether the organization is configured to use single sign-on (SSO), as described on this page.
Add New Members¶
Administrators (users who are assigned a role with Admin permissions) manage members from the Management Console Organizations page.
To add a member to an organization, you assign them to one or more roles. To remove a member from the organization, remove them from all roles. For details, see Manage Permissions, Roles, and Members on the Organizations page.
To completely remove a member from Harmony, contact Jitterbit Support.
To add a new member to a role, click the Add Member button . In the Add Member dialog, enter an email address and specify the role, then click Save.
When adding members to an organization, the behavior is different depending on these factors:
- Whether a user is new or is already registered with Harmony
- If the Harmony organization is SSO-enabled
- Whether a user is already a member of another SSO-enabled organization
- Whether a user is on a Bypass SSO list
For organizations that have SSO enabled, take note when adding members:
- Email addresses must match the usernames used with the SSO identity provider. If a member's SSO username is not in email format or does not match the email provided under the organization's Members list, this user will not be able to log in to Harmony with SSO. This is required for authentication purposes.
- A Harmony user can be a member of a single SSO-enabled organization using SSO credentials, or a member of multiple bypassed SSO organizations and multiple non-SSO organizations using Harmony credentials. They must be one of these two options. See Register and Log In Using Harmony SSO for more information.
New Harmony Users¶
Users that are not yet registered in Harmony will receive an email with further instructions and a link to log in to Harmony, depending on the SSO settings:
If the organization has SSO enabled, and the user being invited is not on the Bypass SSO list, the user will be able to authenticate with SSO and access the organization.
If the organization does not have SSO enabled or the user has already been added to the Bypass SSO list, the user will need to access the link and complete registration with Harmony prior to accessing the organization with Harmony credentials.
The Invitation Status of new members with Harmony credentials is set to Pending until Harmony registration is completed. Members using SSO are already activated users.
Existing Harmony Users¶
Users that are already registered in Harmony as members of another organization are able to be added as described below and will receive an email with further instructions, depending on the SSO settings:
If the organization has SSO enabled, and the user is not on the Bypass SSO list for that organization, and the user is not a member of any other enterprise organization, the user will be able to authenticate with SSO and access the organization.
If the organization has SSO enabled, and the user is already added to the Bypass SSO list for that organization, then the user will be able to access the organization using their Harmony credentials.
If the organization does not have SSO enabled, then the user will be able to access the organization using their Harmony credentials.
Log In with SSO or Harmony Credentials¶
Once a member is registered, the credentials they use to log in to the Harmony Portal or Design Studio depend on the SSO settings for the Harmony organizations of which they are a member. Those installing Private Agents must always use Harmony credentials.
A Harmony user can be a member of only one of these possible configurations:
- A single SSO-enabled organization
- Multiple non-SSO-enabled organizations
- Multiple SSO-enabled organizations — all with a Bypass SSO flag — and multiple non-SSO-enabled organizations
Harmony then determines how to authenticate the user based on the username provided at login.
- Member of a single SSO organization: A Harmony user can be a member of only one SSO-enabled Jitterbit organization. In this case, the user will log in using SSO credentials.
- Member of multiple non-SSO organizations: A Harmony user can be a member of multiple non-SSO-enabled organizations. In this case, the user will log in using Harmony credentials.
- Member of multiple bypassed-SSO and non-SSO organizations: A Harmony user can be a member of multiple bypassed-SSO-enabled organizations and multiple non-SSO-enabled organizations. In this case, the user will log in using Harmony credentials. The user will be able switch between bypassed-SSO-enabled and non-SSO-enabled organizations without interruption.
Log In to the Harmony Portal or Design Studio¶
When existing users log in to the Harmony Portal or the Design Studio application (versions 8.24 or later), there is a two-step login process:
Enter your Harmony or SSO username, then click Next (Harmony Portal) or Login (Design Studio).
Your username is in the form of an email address. This email address is associated with your Harmony username for a non-SSO organization or a bypassed SSO organization, or matches the username for your SSO identity provider.
The next actions depend on if you entered a Harmony or SSO username:
If the username is associated with a valid Harmony user, the next step asks for your password. Enter your password, then click the Next (Harmony Portal) or Login (Design Studio).
If the supplied credentials are associated with a valid Harmony user, you are logged in. This includes users in SSO-enabled organizations that are on the Bypass SSO list.
If the username/password combination is not valid for Harmony, you receive a message "Invalid credentials specified" and are returned to step 1 to try again.
If the username is associated with a valid user with SSO-enabled organization, and the user is not on the Bypass SSO list, you are redirected via browser to the native login interface for the identity provider.
Enter your credentials for the identity provider as normal. If validated by the identity provider, you are logged in to the Harmony Portal and redirected back to Harmony.
- If the username is not associated with either a Harmony user or a user with an SSO-enabled organization, you receive a message "Invalid credentials specified" and are returned to step 1 to try again.
Install a Private Agent¶
SSO is supported only for the Harmony Portal and Design Studio. SSO is not supported when installing a Private Agent. Organizations that have SSO enabled are subject to an exception for installing Private Agents whereby certain users provide their Harmony credentials to install Private Agents.
The users listed below can install Private Agents depending on whether the Harmony organization has SSO enabled.
Organizations that have SSO enabled are subject to an exception for installing Private Agents.
As SSO is not supported for installing Private Agents, the following users may instead provide their Harmony credentials while installing a Private Agent:
- The organization administrator who originally enabled SSO for the organization. In this case, the administrator provides their Harmony credentials that were valid prior to enabling SSO. These Harmony credentials are not subject to any password expiration policies.
- A user belonging to another non-SSO-enabled organization who has been added to the Bypass SSO list for the SSO-enabled organization, and belongs to a role with either the Admin or Agent Install permission in the SSO-enabled organization.
If a user does not have Harmony credentials, but is a member with a role assigned a permission of Admin or Agent Install, these users are not able to install Private Agents, despite their role having the required permission. The user must already have Harmony credentials established, either prior to the enabling of SSO or because they are on a Bypass SSO list, in order to perform agent installations.
Organizations that do not have SSO enabled are subject to the standard roles and permissions for installing Private Agents as defined under Managing Permissions, Roles, and Members on the Organizations page.
In other words, if a member has a role assigned with Admin or Agent Install permissions, these users are able to use their Harmony credentials to install Private Agents.