You are currently viewing (FAQ) – Support for New Identity Provider (IdP) in Evolve or Studio Manager

(FAQ) – Support for New Identity Provider (IdP) in Evolve or Studio Manager

Description:

FAQ – New IdP (Identity Provider) support (Evolve or Studio Manager)

Works with Evolve or Studio Manager

Solution:

FAQ – New Identity Provider (IdP) Support in Evolve or Studio Manager

Q1: Which authentication providers are currently supported in Evolve?

Answer: Evolve supports the following authentication providers for user authentication between the end user (browser or Studio client) and Evolve:

  • Windows AD
  • SSO providers:
    • SAML (Azure AD, Okta, ADFS, Auth0, Google)
    • OAuth (Azure AD, Okta, ADFS, Auth0)

Please note that authentication support between Evolve and SAP ERP systems like S/4HANA is not covered in this knowledge base article. More information on that topic can be found in the product documentation.

Q2: If a customer wants to use an IdP that is not in the supported list, what is required for Precisely to provide support for a new IdP?

Answer: Currently, only the IdPs mentioned in the answer to question 1 have been tested. In theory, other IdPs should work with Evolve on SAML or OAuth, with a few exceptions such as AD Sync and user lookup. To provide support for a new IdP, access to the customer’s environment with that IdP is required. This typically involves involvement from the customer’s IT/cloud ops team. Licensing costs and limited access to trial versions of IdP software can create challenges, which is why access to the customer’s IdP environment is usually necessary for development and testing.

Q3: Which features may not work with an untested IdP?

Answer: User Lookup and AD Sync features do not work without code changes and customization. Additional features depend on testing to determine if they will work.

Q4: How long does it take for Precisely to provide support for a new IdP?

Answer: Precisely aims to incorporate support for a new IdP as a limited release for a specific customer, which can later become generally available. Typically, it takes a minimum of two months for engineering to validate, fix issues, and provide support for a new IdP on a single protocol (SAML/OAuth). This timeframe does not include the time required by IT/cloud ops to set up the engineering environment. However, support for a new IdP will also require a software release vehicle. For example, if the next release is scheduled for three months, adding support for a new IdP will extend the release by two months, resulting in a version of the product supporting the new IdP being available in approximately five months.

Q5: What are the criteria for Precisely to add support for a new IdP? How can a customer assist?

Answer: Any IdP that supports SAML/OAuth can potentially be supported with Evolve. Customers can help expedite the support for a new IdP by:

  • Providing Precisely with access to their development environment where Evolve is deployed, enabling quick code changes and testing if needed.
  • Designating a point of contact from their IT team who can assist engineering with any required changes.
  • If the above options are not feasible, customers can provide a license for the IdP software to facilitate internal code changes and testing.

Q6: What are Precisely’s plans to streamline the process of adding support for new IdPs?

Answer: The engineering team at Precisely is currently working on several Proof of Concepts (POCs) to streamline the process. This includes exploring the use of SCIM servers. More information on these developments will be available in the coming months.

 

Tags: ,

Leave a Reply