Skip to main content

SSO for Flex/FLEXMLS

Updated

What is it?  

At its most basic level, the FlexMLS Dashboard is a service that lets members log in once and then easily access all of their applications, eliminating the need to remember multiple logins and passwords. FlexMLS in this case is the identity provider and GrowthZone is the consumer.  

 

How does it work?

There will be a link to GrowthZone in the Dashboard and there will be a button to log into FlexMLS on the Info Hub Login page

Example of Info Hub login screen: 

 

Can GrowthZone still be used for usernames & passwords? 

Yes, if there are individuals that are not in their MLS but need access to the HUB then they can use GrowthZone to create credentials. The “Force members to use Single Sign On” needs to be left unchecked.

 

 

 

Prior to implementing this SSO, confirm the API module is enabled in the customer's Tenant.  If the API Access module is not set-up, the Engagement Team needs to contact the customer before any set-up and work is complete to have the pricing discussion and to have the customer accept a sales proposal.

 

 

What does it cost?

 

Currently at the time of writing this 

This is something that can be provided to the Association via their MLS or purchased outright by them, we don’t have any data on what FlexMLS charges. GrowthZone charges $500-$1000 one-time setup + $49/mo API Access module for SSO but Engagement will have the most up to date pricing

 

How to set this up.

 

The setup process involves contacting there account rep and getting a File from them verifying what there are using for matching between the 2 services and then sending them a file once we complete the setup process.

 

Most of the time if you are recieving a ticket from Engagment or an email from FlexMLS on this they should already be providing you the  shibboleth file.

 

If not you would want to get the email for there FLEXLMS agent and get them to provide the information

 

Here is a potential email template to use

 

Hello {Name},
 

This is {Your Name} with GrowthZone and we are looking to assist with Setting up FLEXMLS in the GrowthZone database.

 

  • We would need to get the XML File its normally something like shibboleth
  • And normally the Contact Matching Attrribute that we use is flexmls_nrds_id if its something different please let us know.

 

Thanks

Once you have the file then we need to add it to the T1 (The Main GrowthZone Database NOT the customer Database)

 

I Just found this and it might tell you what Contact Matching ID's FLEXMLS uses, not sure yet but I need to look into it
https://micronetonline.sharepoint.com/:x:/r/sites/RealtorIntegrations/_layouts/15/Doc.aspx?sourcedoc=%7B1F5086D0-AAEF-4C14-B790-574D13453F60%7D&file=Real%20Estate%20Vendor%20Integration%20Specifications.xlsx&action=default&mobileredirect=true

 

 

1. Setting up the Identity Provider record



 

  • In T1, > Setup > Under Single Sign On: SAML Identity Providers > If its fixed you can click the Import button but it has not worked in 2 years

  • Enter the name (in the format of "Provider (Initials of Customer)". For example:

    • FlexMLS (CUSTOMERS acronym)

  • To pull the next information you need to open the Service ProviderMetadata.xml using a text editor to get the information from required from the file, I use Visual Studio code for this but any text editor should work

  • Sign On URL* Should be linked with one of the SingleSignOnService Location that ends with .../Redirect/SSO



  • The Logout URL* Should match with A SingleLogoutService Locations that ends with  .../Redirect/SLO



  • The Partner Certificate (PEM Format)* will match to the large X509Certificate




     

  • If you click the Advanced Options you will see some extra options its a good idea to double check them but

  • Signature Method, Sign On Service Binding,Logout Service Binding and NameID Format are all prefilled in my experiance.

  • Contact Matching
    SAML Attribute Path is normally flexmls_user_name and the Matching Field is Account Number but you need to check with FlexMLS to make sure on this one. If you did not get it be sure to let them know what you matched with so they can doublecheck.

  • Click done: this will import the customer's identity provider metadata

  •  

  • If Contact Matching is not configured correctly, the SSO will simply not work. 

 

2. Setting up the Service Provider record

 

 

 

  • In T1, > Setup > Under Single Sign On, SAML Service Providers > Click Add


     

  • Enter the name (in the format of "Provider (Initials of Customer)". For example:

    • FlexMLS (HAOR)

  • Under 'Provider Configuration', in the 'Service Provider Name' field, enter 'spGrowthZoneXYZ' where XYZ is the abbreviations of the customer. Some examples are:

    • spGrowthZone(HAOR)

    • After this you will need to download a ServiceProviderMetadata.xml file to send to the Flex MLS

    • Next to the SAML Service Provider that you just setup will be a download option you will need to click on that and provide them the file when replying back on the ticket



      Mine goes to the Download folder but the download location can vary

 

3. Enable Single Sign on

  • T1 > Admin > Access Customer's Tenant > Setup > Single Sign On > Check Enable Single Sign On


     

  • Under 'SAML - Hub & Public' Set a SAML Identity and Service Provider (Select the names set in Step 1 and 2 above)

If the settings for 'SAML - Backoffice' will be different than for the Hub & Public, uncheck 'Same as Hub and Public'and set a SAML Identity and Service Provider (Select the names set in Step 1 and 2 above)



4. This should now be setup

 

NOTE: Make Sure that you are sending out the file that you download in step 2 to FlexMLS otherwise this will not work and they will come back looking for it.
They may also be looking for some specific END points for the API and most of the time what they need can be found on this page