Harmony SSO¶

Overview¶

With single sign-on (SSO), a user can log in to the Harmony Portal or Design Studio via a third-party identity provider.

Before enabling SSO for your organization, you should be aware of the following conditions and restrictions:

• Administrator Conditions

  An organization administrator is subject to the following conditions:

  • They must belong to one and only one Harmony organization.

  • They must be logged in to Harmony to enable SSO, and must have the organization selected in the Harmony Portal header.

  • Their Harmony username and SSO account username must be the same, and it must be in email format.

  • The administrator that originally enabled SSO for the organization can install private agents using their Harmony credentials that were valid prior to enabling SSO.

• User Conditions

  Harmony users are subject to the following:

  • They can belong to either one SSO organization (and log in via the identity provider's portal), or multiple non-SSO organizations (and log in via the Harmony Portal).

  • To be in both SSO and non-SSO organizations, a user must be added to the Bypass SSO list, and must use their Harmony credentials to log in.

  • Their Harmony username and SSO account username must be the same, and it must be in email format.

  • Users with Admin or Agent Install permission cannot install private agents in SSO organizations unless they are added to the Bypass SSO list, and they must use their Harmony credentials.

• General Restrictions

  When enabled, SSO has the following restrictions:

  • One and only one identity provider can be used; multiple providers are not supported.

  • Each identity provider can be configured to authenticate with either OAuth 2.0 or SAML 2.0, but not both.

  • SSO is not supported on the macOS version of Design Studio.

Supported standards and providers¶

Harmony supports the OAuth 2.0 and SAML 2.0 protocols. Jitterbit has verified support for the following identity provider/protocol combinations:

• OAuth 2.0

  • Autodesk
  • BMC (proprietary to BMC customers only)
  • Google
  • Salesforce

• SAML 2.0

  • Azure Active Directory
  • Okta
  • Salesforce

No other OAuth 2.0 providers are currently supported. It may be possible to configure additional SAML 2.0 providers, but they are not supported or verified by Jitterbit.