What is Single Sign-On?

Single Sign-On (SSO) is used by organizations to centrally control access to applications and services. For users, it simplifies their work by removing the need to authenticate with each service.

When your Flow Production Tracking site is configured to use SSO, your interaction with the site will change a bit from the default login flow.

Accessing your Flow Production Tracking site in your browser

When you navigate to the URL of your Flow Production Tracking site, instead of the usual Login / Password page, you will see the following page. It informs you that your corporate credentials will be used instead to access Flow Production Tracking:

Flow Production Tracking Sign In

SSO login in a Windows environment (desktop SSO integration)

If you are working in a Windows environment, it is very likely that you will not need to enter your credentials. The required information will be sent automatically from your machine’s current Windows session to the server. This is called ‘desktop SSO integration’.

SSO login in other environments

On Linux and Mac, and sometimes on Windows, you will be prompted for your credentials. The specific graphical user interface (GUI) being shown to the user will differ according to the SSO system being used and can also be customized with the company logo and other information.

As an example, here is what you would see if your company uses Okta for SSO:

Okta Sign In

Failed login

If you entered incorrect credential information, or if you were not granted access to Flow Production Tracking, you will get an error message from either the SSO system or from Flow Production Tracking. This is dependant on the SSO system used by your company.

Here are two examples of denied access.

Blocked at the SSO system level

This error message is from the SSO system, where your user’s credentials have not been granted access to Flow Production Tracking.

You will need to contact your Flow Production Tracking Administrator to get this resolved.

Okta No Access

Blocked at the Flow Production Tracking level

The following error occurs when your credentials were correct, but you were still not given access to Flow Production Tracking.

You will need to contact your Flow Production Tracking Administrator to get this resolved.

Flow Production Tracking No Access

Your first connection using SSO

Your initial connection to a SSO-enabled Flow Production Tracking site may require a few additional steps. Don’t worry, this will happen only once. Your future visits should be seamless.

If you already had a Flow Production Tracking account before SSO was turned on

Ideally, your Flow Production Tracking Administrator has taken care of configuring everything. You should connect directly to your Flow Production Tracking site and be able to work right away.

If this is the case, you should have received an email mentioning that SSO has been enabled on your Flow Production Tracking site:

Flow Production Tracking SSO Activated

If you already had a Flow Production Tracking account, but something went wrong

While your Flow Production Tracking Administrator may have done everything in their power to make the transition to SSO as smooth as possible, an error or problem may still occur. There are three possible situations.

1. Your user does not exist in Flow Production Tracking. With the first situation, you will be notified:
   
   This usually happens when your old Flow Production Tracking login does not match the login information sent over by the SSO system. Your Flow Production Tracking Admin will need to ensure that they match or link the two accounts.
   
   You will need to contact your Flow Production Tracking Administrator to get this resolved.
2. Your email address in Flow Production Tracking matches the email provided by the SSO system. You will be asked to manually link your accounts.
   
   Here, you have two choices:

• Link your SSO account with the Flow Production Tracking account. You will be asked to provide your password for your Flow Production Tracking account in order to prove who you are. If you have forgotten your password, you can always click on the ‘Forgot login or password’ link.

  

Flow Production Tracking Link Account Password

• You can also elect to skip the account linking. We do not recommend this step. Not linking your account will result in creating a new user. This new user will not be tied to your old account and will be missing your old privileges and accesses.
  
  You will need to contact your Flow Production Tracking Administrator to get this resolved.

• No match was made in the list of existing users. You will be asked to manually link your account with an existing user account on Flow Production Tracking.
  
  Here you have two choices:

• Link your SSO account with an existing Flow Production Tracking account. You will be asked to provide the username and password for that account in order to prove who you are. If you have forgotten your password, you can always click on the ‘Forgot login or password’ link.

• You can also elect to skip the account linking. We do not recommend this step. Not linking your account will result in creating a new user. This new user will not be tied to your old account and will be missing your old privileges and accesses.
  
  You will need to contact your Flow Production Tracking Administrator to get this resolved.

If you did not have an existing Flow Production Tracking account

Ideally, your Flow Production Tracking Administrator should have created a user for you, with the appropriate login name and access to the needed projects. In that case, you should connect directly to Flow Production Tracking.

If this is the case, you will have received an email inviting you to the Flow Production Tracking site:

Flow Production Tracking SSO Invitation

Clicking on the ‘Accept invitation’ will log you in automatically.

On the following page, choose the answer that this is your first account on the site, and proceed with signing in:

Flow Production Tracking Link Account No Matches

If you do not access Flow Production Tracking directly and are being asked to link your account or create a new user

Should you see any unexpected errors or if you are asked to link to an existing account, this is a strong indication that something has gone very wrong. Please do not proceed, unless specifically instructed to do so by your Flow Production Tracking Administrator. Incorrect manipulations may cause undesired effects and result in additional delays.

You will need to contact your Flow Production Tracking Administrator to get this resolved.

Accessing your Flow Production Tracking site in RV

If your studio uses RV, you need to ensure that you are using version 7.2.2 or later in order to connect to your SSO-enabled Flow Production Tracking site.

We strongly suggest that you first try to successfully connect to your Flow Production Tracking server using a browser. This is to ensure that you have proper access using any other means to log in to Flow Production Tracking.

When you see the following connection dialog, click on the ‘Use Single Sign-On (SSO)’ link:

RV Connect

This will switch to the following dialog:

RV Connect SSO

Click ‘Continue’.

Should you experience any issues, please refer to the Failed login section. We also strongly suggest that you contact your Flow Production Tracking Administrator if you encounter any unexpected behavior.

Accessing your Flow Production Tracking site with Flow Production Tracking Desktop

If your studio uses Flow Production Tracking Desktop, you need to ensure that you are using version 1.5.0 or later in order to connect to your SSO-enabled Flow Production Tracking site.

We strongly suggest that you first try to successfully connect to your Flow Production Tracking server using a browser. This is to ensure that you have proper access before using any other means to log in to Flow Production Tracking.

When you see the following connection dialog, type in your site’s URL:

SG Desktop Login

The dialog will automatically detect that your site uses SSO:

SG Desktop Login SSO

Click ‘Sign in’ to proceed.

Should you experience any issues, please refer to the Failed login section. We also strongly suggest that you contact your Flow Production Tracking Administrator if you encounter any unexpected behavior.

Accessing your Flow Production Tracking site with internal tools and third-party applications

Any internal tools or third-party applications your studio uses to access Flow Production Tracking will need to be modified to support SSO.

Before enabling SSO on your Flow Production Tracking site, your Administrator should have ensured that your environment was ready for the switch.

If you encounter any issues with internal tools and third-party applications, please contact your Flow Production Tracking Administrator.

Troubleshooting

You received an email stating that SSO has been deactivated

It is possible that your Flow Production Tracking Administrator has decided to turn off SSO. The immediate impact for you is that you will need to remember the Flow Production Tracking credentials you used prior to SSO being activated.

There are two possible scenarios here:

1. You did not have a Flow Production Tracking account prior to SSO being enabled. In this case, you should have received the following email:
   
   Click on the ‘Reset your password’ link to proceed.
2. You did have a Flow Production Tracking account prior to SSO being enabled. In this case, you should have received the following email:
   
   As the message indicates, you will need to remember your prior credentials. If you did forget your password, you can click on ‘Forgot login or password’ link at the sign-in page to reset your password.

I have no access to any projects

You may successfully access your Flow Production Tracking server, but see the following page:

Flow Production Tracking No Projects

There are two possible scenarios here:

1. If you are a new user, the Flow Production Tracking Administrator may have forgotten to assign you to your project.
2. If you had a Flow Production Tracking account before, there may have been an oversight or a misconfiguration.

In either case, please contact your Flow Production Tracking Administrator to get the issue resolved.

I keep seeing a small window pop-up appear after I log into Flow Production Tracking

After logging into Flow Production Tracking, you may see the following browser window appear:

SSO Renewal Window

This is perfectly normal. As the text states, please do not close this window. It is used to continually authenticate your user with Flow Production Tracking and your SSO system. If you close the window, it will re-open automatically later. Then you may have to authorize Flow Production Tracking to open pop-ups in your browser (see I am being asked to allow Flow Production Tracking to open a new window).

This pop-up window appears because of a constraint tied to your SSO system.

The window should close automatically once you sign out of Flow Production Tracking.

I am being asked to allow Flow Production Tracking to open a new window

See also: I keep seeing a small window pop-up appear after I log on Flow Production Tracking

Closing the window that opened after you initially connected to Flow Production Tracking may lead to the following message:

Flow Production Tracking Popup Blocked

You will need to allow Flow Production Tracking to open new windows in order to use the site.

The mechanism to allow Flow Production Tracking to open a new window will depend on your browser. On Google Chrome, you will see a red notification in the address bar. Clicking on it will bring up the following menu:

Flow Production Tracking Popup Blocked

Choose the option to always allow pop-ups, click on ‘Done’ and then click on ‘OK’ in the notification window.

You should see a smaller Flow Production Tracking window appear in the lower left part of your screen.

If you did not close any windows after logging in, please contact your Flow Production Tracking Administrator, as there is an incorrect configuration.

Sometimes I am unable to log in to Flow Production Tracking

Your local computer clock may not have the correct time. A minor difference between your computer clock and that of the Flow Production Tracking or SSO server can cause problems.

An easy way to identify clock skew is by visiting this site: time.is.

The upper left corner will indicate if the time is correct:

or if there is a significant skew:

Please contact your System Administrator to fix your computer’s clock or contact your Flow Production Tracking Administrator if the issue persists.

In RV, my sessions do not last as long as before

With SSO enabled, the duration of sessions is no longer controlled by Flow Production Tracking or by RV. It is controlled by the SSO backend and your IT department.

I keep experiencing inconsistent behavior when logging into Flow Production Tracking

This may include intermittent access or being asked to link your account or create a new one.

There may be some leftover information from a previous session.

We strongly recommend that you clear all of the cookies in the browser for your user. The way to do that depends on the browser you use. Please consult the appropriate help documentation.

If the problem persists, please contact your Flow Production Tracking Administrator.