Several key points must be considered before enabling Single Sign-On (SSO) with ForeFlight. First, once SSO is enabled, it will apply to all users within the organization. This means that the organization’s identity provider will handle authentication for all users.
When adding new users, it’s essential to ensure they are added in both ForeFlight on the Web and the Identity Provider. Additionally, the user’s email in ForeFlight must match exactly with the email or Name ID in the Identity Provider to avoid authentication issues.
After SSO is enabled, only Administrators can change user email addresses through ForeFlight on the Web. To maintain consistency across systems, any username changes must be coordinated between ForeFlight and the Identity Provider.
ForeFlight also supports customer certificate rotation, allowing organizations to pre-load rollover certificates for a smooth transition during updates. However, it’s important to note that Single Logout is not currently supported, so users must manage their sessions manually.
Last Updated: