Autodesk Single Sign-On (SSO)

Autodesk Revit

About Single Sign-On (SSO)

Single sign-on (SSO) lets users access Autodesk products and services using the same email and password they use for your organization. This means they only need to remember one password, and if they are already signed in to your organization’s network, they will not need to sign in again to access Autodesk.

Why use SSO?

  • Better user experience – Users only need to sign in once, and they do not need to remember multiple passwords. This saves time for users since they are less likely to need a password reset.
  • Enhanced security – SSO uses a single point of authentication, so passwords are received and validated only by the identity provider. Since users only need to remember one password, bad security habits such as writing down passwords are minimized.
  • Streamlined administration – Admins only need to maintain one email/password combo for each user, and password policies applied to the network are also applied to Autodesk services. So if you revoke an employee’s email access, they will also lose access to Autodesk—no need to revoke access to each service individually.
Autodesk Inventor 2023 video

What you can do with Autodesk Single Sign-On

Autodesk Revit

Scope

Autodesk SSO uses the Security Assertion Markup Language (SAML) 2.0 protocol. We have currently tested and support the following Identity Providers (IdP):

  • Active Directory Federation Service (ADFS)
  • Microsoft Azure
  • Okta
  • OneLogin
  • PingOne
  • PingFederate

Capabilities

Authentication – Autodesk’s SSO solution supports federated authentication. You sign in to Autodesk Services using your company credentials instead of using an Autodesk ID and password. Autodesk additionally supports syncing groups and users from your company directory via our directory sync capabilities. Please refer to the directory sync section of the help guide for more information.

Support for Single User Subscription, Multi User Subscription and Token Flex licensing and Cloud Connectivity for 2017 product versions and later.

SSO Sign in is enforced across all products and services – Autodesk Single Sign on is implemented via email domain, not by product, project or end point, meaning once enabled user is required to use their company credentials for access to Autodesk. There is no hybrid solution using old Autodesk ID + SSO for the same email domain.

Autodesk Revit

Known Issues

Depending on the current patch level of your deployed software, product updates may be required to implement SSO on all Autodesk products. Please comprehensively test your products and key workflows to ensure user access is as expected.

Implementing SSO

Model based designs in Revit

Prepare

To prepare for SSO setup, you will need:

  • A domain for your organization and the ability to sign in to the domain host.
  • Primary or SSO admin access in Autodesk. Learn how to assign a SSO admin.
  • An identity provider through which you have established an admin account to set up a SAML (security assertion markup language) connection.

To set up SSO, you will need to add and verify domains and set up your connection. You can do these steps in any order, but you must complete them both to turn on the connection and begin using SSO.

Model based designs in Revit

Set up

Add and verify domains
In this step, you’ll add domains to your Autodesk Account and verify them so that they can be used for SSO. Verification lets us know that you’re the owner of the domains you add.

You can add individual domains manually or import multiple domains by uploading a comma-separated values (CSV) file.

To verify domains, you can upload an HTML file or create a DNS TXT record. (For more information, see Verification methods).

Set up your SSO connection

In this step, you’ll set up the SSO connection using metadata from your identity provider. You will need to go into your identity provider to add Autodesk metadata and map attributes, then test the connection to ensure that the connection works and the attributes are mapped correctly.

Once the connection is set up and you have added and verified domains, you can link verified domains to your connection.

Urban Heat Island (UHIs)

Test and turn on

At this point, you can add test users to a linked domain to test the connection before turning on SSO. This step is optional but strongly recommended to ensure that users will be able to sign in to Autodesk products and services.

Once you have confirmed that test users can successfully sign in, you can turn on SSO. This will take effect immediately, and turning it off requires help from Autodesk Support, so it is important to ensure that the connection is set up correctly before turning on SSO.

  • Quote