Go to Flowcode
All Collections
Platform Features
Single Sign-on for Flowcode Organizations

Single Sign-on for Flowcode Organizations

Single sign-on (SSO) allows users to authenticate with your Identity Provider (IdP) when logging into the Flowcode platform.
Alex avatar
Written by Alex. Updated over a week ago

SAML SSO is included for customers with Enterprise plans and is available for Enterprise organizations. If you’d like to upgrade to an eligible account, please contact Sales. SAML currently applies to an organization when enabled and is not available on a per-team or per-user basis.

How it works

The SSO user experience for organization members is outlined in the sections below.

Members of an SSO Organization

Members of an SSO-enabled organization have an email address that includes the organization's email domain, for example, @flowcode.com, that was configured during the SSO setup. You can think of these members as internal members of the organization. Members of an SSO organization experience the following process:

  • User submits the Flowcode login form with their email address.

  • User is redirected to the configured IdP.

  • The IdP authenticates the user and then redirects the user to the Flowcode platform.

External Members

An external member is anyone in the organization using an email address on a different domain than what's configured for SSO, for example, @gmail.com. New and existing external members of the organization are not affected when SSO is enabled. External users are not redirected to the configured IdP and experience no change in behavior when logging in. External members experience the following process:

  • User submits the Flowcode login form with their email address.

  • User is authenticated and taken to their Flowcode platform.

Manage Users

Flowcode organization administrators can manage members and teams with the My Org section of the platform. Access can also be directly provisioned through your SSO configuration.

Configure your IdP

Refer to your IdP for general SAML 2.0 setup instructions. Additionally, you will need to enter the following info:

  1. Single Sign-on URL: https://authn.flowcode.com/auth/saml/callback

  2. Audience Restriction / SPEntity: Flowcode

  3. Group Attribute Statements: [insert group attribute statements]

  4. Name: groups

  5. Filter: .*

Using this information, create a new SAML application for provisioning access to Flowcode with your IdP. Once you have set up the new SAML application, share the XML file with the metadata for the application and its SSO configuration with the Flowcode team so that we can complete the setup for your organization.

Troubleshooting

Logging in using Email and Password

If you are a member of an SSO organization you will automatically be rerouted to your IdP if you enter your email address with your organization’s email domain when logging in and you will not be able to log in via email and password.

Logging in Using a Google Account

If you are a member of an SSO organization and have an email tied to a Google account you will still be redirected through your IdP if you try to log in using Google social.

Did this answer your question?