Search code examples
fieldautodeskautodesk-bim360

BIM 360 Field classic authentication - Single Sign On

My company is currently using a username and password to authenticate against the BIM 360 Field classic API . The username is in the format [email protected].

We're looking at using Autodesk's SSO solution so that anyone with an @corpxyz.com email address will use SSO.

Does anyone know if the Field classic API supports SSO? I'm suspecting that once we enable SSO for corpxyz.com login attempts to the API will fail.

Update (2020-03-17)

My company is not currently fully enabled for SSO within the domain. We're whitelisting users during our pilot testing. I've found that I can succesfully communicate with the Field Classic API with an SSO enabled account. What still needs to be determined is if this behaviour changes once a domain is fully SSO enabled.

Mike

Solution

  • To use SSO with BIM360 Classic Field, you need to create a Forge developer account, and follow the steps below you should be able to log in with Autodesk ID and by extension SSO:

    1. Follow the steps in from this tutorial and get a forge access token

    2. After getting the access token, you can call POST api/login_by_forge_token and get a Field internal ticket. Here is the API documentation, but it's not listed on Field API documentation currently since it's for our enterprise customers only.

    POST api/login_by_forge_token
Description: Attempts to authenticate with the mobile API using a forge access token. On success, returns a 36 byte GUID "ticket" which needs to be passed in on subsequent calls.
 
Status Codes:
200 User has authenticated and is successfully logged in.
500 failed to verify user
 
Access: FREE
Return: JSON - Returns a ticket which must be passed for each subsequent request in the session.
Parameters:
forge_token : string - The forge access token.
device_type : string - (optional) The type of device
device_identifier : string - (optional) A unique identifier for the device.

    Note1. Please select BIM360 product while creating a Forge app by following the create app tutorial mentioned in the here.

    Note2. This Field internal ticket is the same ticket as when you get it by calling POST api/login, and can invalidate it via POST api/logout.