Autodesk Single Sign-On (SSO)
About Single Sign-On (SSO)
Single sign-on (SSO) lets users access Autodesk products and services using the same email and password they use for your organization. This means they only need to remember one password, and if they are already signed in to your organization’s network, they will not need to sign in again to access Autodesk.
Why use SSO?
- Better user experience – Users only need to sign in once, and they do not need to remember multiple passwords. This saves time for users since they are less likely to need a password reset.
- Enhanced security – SSO uses a single point of authentication, so passwords are received and validated only by the identity provider. Since users only need to remember one password, bad security habits such as writing down passwords are minimized.
- Streamlined administration – Admins only need to maintain one email/password combo for each user, and password policies applied to the network are also applied to Autodesk services. So if you revoke an employee’s email access, they will also lose access to Autodesk—no need to revoke access to each service individually.
What you can do with Autodesk Single Sign-On
Scope
Autodesk SSO uses the Security Assertion Markup Language (SAML) 2.0 protocol. We have currently tested and support the following Identity Providers (IdP):
- Active Directory Federation Service (ADFS)
- Microsoft Azure
- Okta
- OneLogin
- PingOne
- PingFederate
Known Issues
Depending on the current patch level of your deployed software, product updates may be required to implement SSO on all Autodesk products. Please comprehensively test your products and key workflows to ensure user access is as expected.
Implementing SSO
Prepare
To prepare for SSO setup, you will need:
- A domain for your organization and the ability to sign in to the domain host.
- Primary or SSO admin access in Autodesk. Learn how to assign a SSO admin.
- An identity provider through which you have established an admin account to set up a SAML (security assertion markup language) connection.
To set up SSO, you will need to add and verify domains and set up your connection. You can do these steps in any order, but you must complete them both to turn on the connection and begin using SSO.
Set up
Add and verify domains
In this step, you’ll add domains to your Autodesk Account and verify them so that they can be used for SSO. Verification lets us know that you’re the owner of the domains you add.
You can add individual domains manually or import multiple domains by uploading a comma-separated values (CSV) file.
To verify domains, you can upload an HTML file or create a DNS TXT record. (For more information, see Verification methods).
Set up your SSO connection
In this step, you’ll set up the SSO connection using metadata from your identity provider. You will need to go into your identity provider to add Autodesk metadata and map attributes, then test the connection to ensure that the connection works and the attributes are mapped correctly.
Once the connection is set up and you have added and verified domains, you can link verified domains to your connection.
Test and turn on
At this point, you can add test users to a linked domain to test the connection before turning on SSO. This step is optional but strongly recommended to ensure that users will be able to sign in to Autodesk products and services.
Once you have confirmed that test users can successfully sign in, you can turn on SSO. This will take effect immediately, and turning it off requires help from Autodesk Support, so it is important to ensure that the connection is set up correctly before turning on SSO.
