Frequently Asked Questions for Single Sign-On
Here are some questions that you might be wondering about when it comes to single sign-on (SSO).
You need to make sure those users are associated with your application on the IdP. Your IT department might have already done this, so there wouldn't be anything else you need to do. Those users will simply be directed to use the IdP login credentials when they sign in to Central.
New viewer users must be listed in your IdP and associated with your application when they onboard themselves by trying to open the private output link. So this on-demand feature via private output is probably limited to people in your company, since they're the ones who will be added to the IdP by your IT department.
The user simply no longer needs to use the Central password when logging on to an SSO-enabled license. If the user is part of multiple licenses, some of which aren't using SSO, the user will still use the Central password to log in to those licenses. Also, if the user is directed to the Central portal in general (instead of a specific license), it is still necessary to use the Central password to see the license hub and choose the correct one.
Yes and no.
Currently, it is not possible to do this automatically when using the private output link option. When you set up the license to create viewer users on demand, you can select one or more teams to associate with those new users. However, you cannot direct some of the users to be on this team (which is, for example, associated with Private Output A), while other users should be on that team (which is, for example, associated with Private Output B). All users will be associated with any and all teams that you specify in your license settings, and therefore, they will all initially have access to any private outputs associated with those teams.
However, you can onboard users manually to an SSO-enabled license. You can add new users via the private output method, and once they are part of the license, an administrator can change a user's seat type and team(s), and give specific permissions to those who have an author seat type. Also, if you use the original method of inviting users via the wizard, you can invite one group of users who will have the same seat type, team(s), permissions, etc. Then invite another group with a different seat type, team(s), etc.
MadCap Flare 2022 r2 (and later) is integrated with SSO, so if a user logs in to Central from the Flare interface, the same process occurs.
Also, there is a login option in the upper-right of Flare, which serves the same purpose as the login option in the Central window pane.
Clicking the option opens a browser-based window to log in to Central from Flare. Once logged in, the Log In button is replaced with your avatar (or your initials if you have not yet selected an avatar image).
You can click the avatar to open a drop-down menu. From here you can open the Central window pane, launch the Central portal in a browser, or log out.
For more information, see the Flare online Help.
Note: Older versions of Flare work the same as before with Central, where individuals log in with a unique Central password.
The user will no longer be able to log in to your Central license. This can be a big benefit, because you don't need to worry about remembering to remove users' access from the Central license if they leave the company. However, users who are removed from the identity provider (IdP) will still technically exist on your license until you remove them. So if you want to "clean up" the users on the license and free up a seat, you need to remove that person manually from Central.