How to set up Autodesk Single Sign-On

Autodesk has now enabled Single Sign-On (SSO) for all users; you no longer need an Autodesk Premium Plan. As the name implies, with SSO you only need to sign in once to use all connected products. In this case, if you are signed in on your company-owned device, you don’t need to sign in to Autodesk separately.

The advantage of SSO is that the user only needs to sign in once and doesn’t have to remember multiple passwords. This prevents users from writing passwords down or using simple passwords. Another big advantage is that access to Autodesk is automatically revoked once a user is removed from the identity provider.

In this article, we are going to configure Autodesk Single Sign-On in combination with Microsoft 365.

What you need to know

Before we can enable SSO for your Autodesk environment there are a couple of things you need to know. The most important one is that once you have enabled SSO, you can’t disable it anymore. The only way to revert it is by contacting Autodesk Support.

Autodesk supports multiple identity providers for SSO:

  • Microsoft Azure (For Microsoft 365 users)
  • Google Cloud Identity
  • Okta
  • OneLogin
  • PingOne
  • PingFederate
  • Active Directory Federation Service (ADFS)

We will focus on Microsoft Azure, but the principle will be pretty much the same for all providers because they all use the Security Assertion Markup Language (SAML) 2.0 protocol.

When you enable SSO in Autodesk, it will be effective immediately. This means that the users will need to re-authenticate when they open an Autodesk product. Instead of the Autodesk login, they will then see the login screen of your identity provider. So in the case of Microsoft 365, the user will see the Microsoft login screen.

So it’s important to test SSO with only a small group of users before you roll it out to all users in your Autodesk tenant.

Set up Autodesk Single Sign-On

Setting up Single Sign-On for Autodesk requires a couple of steps. Make sure that you have admin permissions in Autodesk and Microsoft Azure. We will also need to create a new DNS record in your public domain or upload an HTML file for verification.

Step 1 – Add and Verify Domains in Autodesk

The first step is to verify your company’s domain in Autodesk. We will need to prove that we are the owner and admin of the domain.

  1. Open manage.autodesk.com
  2. Click on User Management > By User
  3. Open the Settings by clicking on the gear icon
  4. Click on Manage SSO
  5. Click on Add and Verify domains
  6. Enter the domain name of your company. This has to be the domain name that is used in the email addresses.

Note

If you don’t see the option Manage SSO, then you don’t have the correct permissions on the team. You will need to be the Primary Admin or SSO Admin of the team. Learn more about changing the admin roles in this Autodesk article.

After you have added the domain(s), you will see a list with your domain(s). We will now need to verify each domain. You can do this either by uploading an HTML verification file to the root directory of your domain (where your website is hosted) or by adding a DNS TXT record.

  1. Click on Verify domain
  2. Download the HTML verification file (or create the DNS records)
  3. Click on Verify now

Tip

If a file verification fails, even though you uploaded the file correctly and can open it by clicking on the link (point 3 in the verify domain popup), then just delete the domain from the Domains list and re-add it.

Step 2 – Set up SSO Connection

With the domain verified we can now create the SSO connection. For this, we will need access to the identity provider, which is Microsoft Azure in this case.

  1. Click on Manage SSO > Set up connection
  2. Enter a name for the connection
  3. Select the Identity Provider Microsoft Azure

We now need to create a SAML XML file in Microsoft Azure, which we can then upload in Autodesk.

  1. Open portal.azure.com
  2. Open the Azure Active Directory and choose Enterprise Applications
  3. Click on + New Application
  4. Search for Autodesk SSO
  5. Select the Autodesk SSO application
  6. Click Create
  7. Wait for the application to be created and click on Get started in “2. Set up single sign on”
  8. Choose SAML
  9. Edit the basic SAML Configuration
  10. Click on Add Reply URL and enter: https://autodesk-prod.okta.com/sso/saml2/UNIQUE-ID (Replace “UNIQUE-ID” with any value.)
  11. Enter the following Sign on URL: https://profile.autodesk.com
  12. Click on Save and close the pop-up
  13. Scroll a bit down and download the Federation Metadata XML file

We have now created and downloaded the SAML XML file, which we will need to upload to Autodesk. Go back to the Autodesk portal:

  1. Click on Upload and upload the Autodesk SSO.xml file that we have just downloaded
  2. Scroll down and click on Next (twice)

We will now need to test the connection. To test it, you will need to sign in with a user account that also has an account in Autodesk.

During my test, I got the error “Application with Identifier was not found in the directory”. It seems that the unique ID that we added in the SAML configuration isn’t matched correctly. I fixed it by changing the unique ID for the Identifier and Reply URL in the SAML configuration to the one listed in the error.
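The identity provider matches the Issuer in the SAML sign-in request against the application's Identifier, so decoding that request shows the values Azure expects to find. The Python sketch below is an added example, not part of the original article or of Autodesk's tooling. The sample request, the issuer value, EXAMPLE-ID and TENANT-ID are constructed placeholders, and it assumes you have copied the sign-in URL containing the SAMLRequest parameter from your browser.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed AuthnRequest; EXAMPLE-ID, TENANT-ID and the issuer value are placeholders.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0" '
    'AssertionConsumerServiceURL="https://autodesk-prod.okta.com/sso/saml2/EXAMPLE-ID">'
    "<saml:Issuer>https://sp.example.invalid/EXAMPLE-ID</saml:Issuer></samlp:AuthnRequest>"
)

def sample_redirect_url(xml=SAMPLE_XML):
    # Encode the constructed request the way the HTTP-Redirect binding does.
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    packed = deflater.compress(xml.encode()) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(packed).decode()})
    return "https://login.microsoftonline.com/TENANT-ID/saml2?" + query

def decode_saml_request(value):
    """Base64-decode a SAMLRequest value and inflate it if it was deflated."""
    raw = base64.b64decode(value)
    try:
        xml = zlib.decompress(raw, -15).decode("utf-8")  # HTTP-Redirect binding
    except zlib.error:
        xml = raw.decode("utf-8")  # HTTP-POST binding is base64 only
    if "<!DOCTYPE" in xml:
        raise ValueError("DTD in SAML request, refusing to parse")
    return xml

def request_fields(sign_in_url):
    """Return the Issuer and AssertionConsumerServiceURL sent to the identity provider."""
    query = parse_qs(urlparse(sign_in_url).query)
    root = ET.fromstring(decode_saml_request(query["SAMLRequest"][0]))
    return {"issuer": (root.findtext(f"{{{ASSERTION_NS}}}Issuer") or "").strip(),
            "acs_url": root.get("AssertionConsumerServiceURL")}

def mismatches(sign_in_url, identifier, reply_urls):
    """Compare the request with the Identifier and Reply URLs entered in Azure."""
    sent, problems = request_fields(sign_in_url), []
    if sent["issuer"] != identifier:
        problems.append(f"Identifier: Azure has {identifier!r}, request sends {sent['issuer']!r}")
    if sent["acs_url"] and sent["acs_url"] not in reply_urls:
        problems.append(f"Reply URL {sent['acs_url']!r} is missing in Azure")
    return problems

if __name__ == "__main__":
    print(mismatches(sample_redirect_url(), "https://sp.example.invalid/OTHER-ID", []))
```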

After the test is completed you can link the domain(s) to the connection and click on Save connection. This will not enable SSO immediately.

Step 3 – Test SSO with a couple of users

Before you turn on the single sign-on, you should really test it with a couple of users. In the connection list, click on Test and turn on SSO. You will get a popup where you can add the test users first before you turn it on.

Click on Add test users and add the email address of one or more users that you want to test the SSO connection with.


Let the test users sign out of their Autodesk applications and sign in again to test if the connection is working. They should see the Microsoft 365 sign-in screen after they enter their email address. If the test users can access their Autodesk applications then you can Turn on SSO for all the users.

Note

Keep in mind that you will need to contact Autodesk support to turn off SSO.

Step 4 – Turn on Single Sign On

If you have fully tested SSO then you can turn on SSO for all users. You will need to enable it per domain. To turn on single sign-on, you will need to go back to the User Management > Settings page and click on Manage SSO.

Open the tab Manage SSO and click on Test and turn on SSO. Select Turn on SSO and check the box confirming that you understand the risk. Click on Turn on SSO to enable it.


Autodesk Single Sign-On is now enabled for all your users.

Wrapping Up

It’s great that single sign-on is now available for all Autodesk users. It makes it easier to manage and protect accounts in Autodesk, and users no longer have separate credentials for Autodesk.

The unique ID and reply URL can give some trouble when setting up SSO with Azure. I ended up adding both reply URLs and the unique ID in the SAML configuration to get it working.

I hope you found this article useful. If you have any questions, just drop a comment below.


3 thoughts on “How to set up Autodesk Single Sign-On”

  1. You had the same issue that I had with the “Application with Identifier was not found in the directory”. However, when I changed the “Unique ID” in the Identifier and Reply URLs to match the “unique ID” that was in the error message, it still gave me the error with a different Unique ID. I tried to test it without re-uploading the .xml file first and then tried again with re-uploading the .xml file. Any ideas?
