Add ability to use Azure Active Directory for FME Server security

Funny, I did not think it would not be supported. That alone makes this idea worth a vote-up.

We have not (yet?) moved our active directory to the cloud, but as soon as we do, we need this. Might as well be handy when integrating FME Cloud in an organisation. Ofcourse an on premise AD-server can't be used in Cloud (without some open ports and port routing you really should not want), but with this option an existing Azure AD can be used to manage the roles and such on a cloud instance.

Can't see why this is not a good option.

My organisation will soon be decommissioning our on-premise Active Directory servers and replacing these with Azure AD. We therefore have a pressing requirement for this functionality.

We have.... moved to AAD, since my previous comment. The requirement of ours might not be as pressing as yours, but would like to have it.

Is this possible yet?

is there any update on PR#76076 @fmelizard?

@nrich, This is not possible yet. Sorry for the slow response. If this is becoming critical for you do let us know.

@steveatsafe More and more companies are migrates their on-premise AD into Azure AD.

We did also.

We are using FME Server for a couple of years "stand-alone". Now, we want to integrate FME Server as a part of our international production process (Credits for Safe Software). For this reason its very important that we can connect our FME Server with the Azure Active Directory.

I want to ask you if this can be supported in a short time.

@steveatsafe, More and more companies migrates their on-premise ActiveDirectory into the AZURE ActiveDirectory. We did also!

Hi Steve, our company is also looking to decommission our Active Directory servers, is the being looked into FME Server 2020?

This is getting more and more critical for our clients, the move to Azure AD is truly taking flight. Some of our clients start listing it as a prerequisite for adopting FME Server.

We will be investigating adding support for authenticating with Microsoft Azure Active Directory for FME Server. This state transition to "Under Consideration" represents the very, very early stages of development and does not guarantee that the feature will be available in a future release. The target release is not finalized, though it will likely require an FME Server 2021.x release.

We appreciate all of the votes and comments that have collected on this idea! As we hit milestones in the development stages, we plan to share those with the FME community here.

More and more of our clients want to be able to log on a FME server using their own cloud identity provider. I'm adding this comment because it is not always Azure AD. But as long as SAML is supported any IDP can then be used.

Adding to this in that our data is currently being moved into the Azure cloud with SQL Server instead needing to authenticate with Azure Multi-Factor Authentication (MFA). Currently have found no way to authenticate to the new production server with FME 2020, which is going to become an issue when the older on premises SQL Server is turned off in mid 2021.

Hi all,

This is good news, does this means it includes ADFS (Active Directory Federation Services)?

Kind regards,

Krien Guijt

Adding to this, this is becoming critical in our organisation too. Our data cloud now no longer puts enhancements or new schemas on the older on-premises SQL Server, and instead is locked behind Azure AD Authentication on the newer Azure cloud instance, so there is now key datasets we can't get to with FME, and this is only going to get worse this year with likely switching off of the on-prem server by the end of the year.

I guess an extra question/request. Why would this not also be developed for FME Desktop? Most of our authoring/development goes on in this space.

Please note that we have updated the target release for authentication using Azure Active Directory to log in to FME Server—we are now planning for the 2021.2 release in November.

We had previously communicated that we aimed to release with FME 2021.1 in July. I'm sorry for the delay and for any changes to upgrade plans you may have had. We did not take this decision lightly, but it was necessary to ensure a rounded experience between FME Desktop and FME Server.

We will do our best to keep you informed on any further development.

@rylanatsafe is there an update on this? Is it still scheduled for release in November 2021?

Our business is really looking forward to news on this topic.

@kathrynharrold8 We are still scheduled to release this for 2021.2 in November. We are nearly complete on the FME Server-side and are working on the FME Desktop-side of this integration. You would be able to test using the latest 2021.2 betas (available from safe.com/betas) but I would advise waiting until we flip this idea to 'In Beta'—we haven't completed the rigorous quality checks yet!

Great work @rylanatsafe! I'll have a go with the beta.?

Will there also be a BETA of the FME Platform 2021.2 at https://azuremarketplace.microsoft.com/en-us/marketplace/apps/safesoftwareinc.fme-platform-2020?tab=overview @rylanatsafe ? We will be happy to test it when in BETA.

Hi folks! I'm happy to announce that Azure AD authentication is now in our FME Server 2021.2 BETA. Head on over to our beta downloads to try it out: https://www.safe.com/support/downloads/#beta.

We appreciate any and all feedback you might have! Thanks for your continued interest in this idea and for supporting advancements for FME Server. We can't do it without you. :)

@sigtill regarding Azure Marketplace, we don't have any plans to release betas on Azure Marketplace, but you should be able to find 2021.2 there a few weeks after the official release. The official release of 2021.2 is slated for early November.

Thanks @nathanatsafe - will try it once the Marketplace is up in early November!

This is good news, and i look forward to this also being made available in desktop.

I recently joined a new company and need to access a key reporting database in azure sql server which is all authenticated via azure AD so currently i can't get access. Very much look forward to this being made available in desktop ASAP please folks :)