This section gives an overview of the steps required to implement SSO. For additional details and step-by-step instructions, read through the full guide.

SSO is available to Autodesk customers on the following Autodesk plans:

• Standard
• Premium
• Enterprise Business Agreements (EBA)

Note: SSO is set up at the domain level for all users. Turning on SSO for a team means that all users belonging to the same organization and domain, even if they are in different teams, will use SSO to sign in.

The following diagram outlines the steps to setting up SSO:

Prepare

To prepare for SSO setup, you will need:

• A domain for your organization and the ability to sign in to the domain host.

• Primary or SSO admin access in Autodesk. Learn how to assign a SSO admin.

• An identity provider through which you have established an admin account to set up a SAML (security assertion markup language) connection.

To set up SSO, you will need to add and verify domains and set up your connection. You can do these steps in any order, but you must complete them both to turn on the connection and begin using SSO.

Note: To implement SSO, your Identity Provider (IDP) must support SAML 2.0 (Security Assertion Markup Language). Some examples of the supported systems include Microsoft ADFS, Microsoft Azure, PingFed, PingOne, Okta, and Onelogin that comes with detailed setup instructions for each IDP. If you are unsure whether your IDP can be supported, contact your Autodesk representative.

Set up

Add and verify domains

In this step, you’ll add domains to your Autodesk Account and verify them so that they can be used for SSO. Verification lets us know that you’re the owner of the domains you add.

You can add individual domains manually or import multiple domains by uploading a comma-separated values (CSV) file.

To verify domains, you can upload an HTML file or create a DNS TXT record. (For more information, see Verification methods).

Set up your SSO connection

In this step, you’ll set up the SSO connection using metadata from your identity provider. You will need to go into your identity provider to add Autodesk metadata and map attributes, then test the connection to ensure that the connection works and the attributes are mapped correctly.

Once the connection is set up and you have added and verified domains, you can link verified domains to your connection.

Test and turn on

At this point, you can add test users to a linked domain to test the connection before turning on SSO. This step is optional but strongly recommended to ensure that users will be able to sign in to Autodesk products and services.

Once you have confirmed that test users can successfully sign in, you can turn on SSO. This will take effect immediately, and turning it off requires help from Autodesk Support, so it is important to ensure that the connection is set up correctly before turning on SSO.

Next: Add and Verify Domains