Automate MFT provides modern authentication capabilities through industry‑standard Single Sign‑On (SSO) protocols. This enables organizations to centralize authentication, improve security, and provide a seamless login experience for users.

Supported Authentication Protocols

Automate MFT supports two major identity federation standards:

  • SAML 2.0 – Automate MFT supports SAML 2.0 as a fully functional Service Provider. Organizations can integrate via major identity platforms such as Okta, Entra ID, and any other SAML‑compliant identity provider.
  • OpenID Connect (OIDC) – OIDC integrations must follow these requirements:
    • Application type: Web Application
    • Grant type: Authorization Code
    • Required scopes: openid, email

Automate MFT supports both SAML 2.0 and OIDC to deliver secure, centralized authentication. For a successful integration, only metadata (for SAML), application credentials (for OIDC), issuer details, and the email claim are required.

SAML 2.0 requirements

To configure SAML SSO for a tenant, provide the following:
  • Metadata URL or SAML Metadata File – A hosted metadata URL or an uploaded metadata XML file that includes identity provider endpoints, certificates, bindings, and identifiers.
  • Email Claim – Automate MFT identifies users through the email claim inside the SAML assertion. The following is an example of a typical claim type:
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

OIDC requirements

To configure OIDC for a tenant, provide the following:
  1. Client ID – The application identifier assigned by the identity provider.
  2. Client Secret – Required for backend token exchange during the authorization code flow.
  3. Issuer URL – Base URL of the identity provider, which is used for auto‑discovery. The discovery document is read from the following path under the issuer URL:
    <issuer_url>/.well-known/openid-configuration
  4. Email Claim – A required claim in the ID token or userinfo response.
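
The following pre-flight check is an added example, not Automate MFT code: it tests an identity provider's discovery document against the OIDC requirements listed above (Authorization Code grant, openid and email scopes, email claim). The function names and the idp.example.test documents are constructed for illustration; the discovery field names come from the OpenID Connect Discovery 1.0 specification.

```python
# Added example: requirements from the page, field names from OIDC Discovery 1.0.
REQUIRED_SCOPES = {"openid", "email"}

def discovery_url(issuer_url):
    """Auto-discovery location derived from the configured issuer URL."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(issuer_url, doc):
    """Return a list of problems; an empty list means the provider fits."""
    problems = []
    # The advertised issuer must equal the configured one exactly, or
    # issuer validation of ID tokens from this provider will fail.
    if doc.get("issuer") != issuer_url:
        problems.append("issuer mismatch: %r" % doc.get("issuer"))
    # Authorization Code grant: response type "code" must be offered.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not supported")
    # grant_types_supported is optional; the spec default when it is
    # omitted already includes authorization_code.
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("authorization_code grant not supported")
    # scopes_supported and claims_supported are optional in discovery,
    # so only flag a gap when the provider actually publishes the list.
    scopes = doc.get("scopes_supported")
    if scopes is not None:
        for scope in sorted(REQUIRED_SCOPES - set(scopes)):
            problems.append("scope %r not advertised" % scope)
    claims = doc.get("claims_supported")
    if claims is not None and "email" not in claims:
        problems.append("claim 'email' not advertised")
    # Endpoints used by the code flow and token validation must be HTTPS.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append("%s missing or not https" % key)
    return problems

# Constructed sample documents; idp.example.test is a placeholder provider.
GOOD = {
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/authorize",
    "token_endpoint": "https://idp.example.test/token",
    "jwks_uri": "https://idp.example.test/keys",
    "response_types_supported": ["code"],
    "scopes_supported": ["openid", "email", "profile"],
    "claims_supported": ["sub", "email"],
}
BAD = dict(GOOD, issuer="https://other.example.test",
           response_types_supported=["id_token"], scopes_supported=["openid"])
```

Running check_discovery on the fetched document before entering the Client ID and Client Secret separates provider-side misconfiguration from tenant-side errors.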