Single sign-on (SSO) for Flowcode organizations

SAML SSO is included for customers with Enterprise plans and is available for Enterprise organizations. If you’d like to upgrade to an eligible account, please contact Sales. SAML currently applies to an organization when enabled and is not available on a per-team or per-user basis.

The SSO user experience for organization members is outlined in the sections below.

Members of an SSO-enabled organization have an email address that includes the organization's email domain, for example, @flowcode.com, that was configured during the SSO setup. You can think of these members as internal members of the organization. Members of an SSO organization experience the following process:

An external member is anyone in the organization using an email address on a different domain than what's configured for SSO, for example, @gmail.com. New and existing external members of the organization are not affected when SSO is enabled. External users are not redirected to the configured IdP and experience no change in behavior when logging in. External members experience the following process:

Flowcode organization administrators can manage members and teams with the My Org section of the platform. Access can also be directly provisioned through your SSO configuration.

Refer to your IdP for general SAML 2.0 setup instructions. Additionally, you will need to enter the following info:

Using this information, create a new SAML application for provisioning access to Flowcode with your IdP. Once you have set up the new SAML application, share the XML file with the metadata for the application and its SSO configuration with the Flowcode team so that we can complete the setup for your organization.

The process is quick, but both you and your Client Success Manager do have a few things to set up to make it happen. Please give a 7 day leeway prior to SSO launch.

No, members have to be listed by the company. That is the beauty of SSO, it lets you determine who gets access and who does not get access to Flowcode vs. manually removing people from orgs. Any employee could attempt to signup with their email, but if it is an email domain we have listed as an SSO client they will be blocked from signing up with their work account and told to contact an admin from their team.

You just log in exactly how you normally would. Visit flowcode.com/signin. When you enter your email the password piece to logging in will disappear and you will be prompted to click SSO. This will work whether or not you have logged in before.

You will lose the code you created, but you will be able to log in to your new account

No, if you are invited as an admin you will be an admin when you first sign in via SSO. If you were invited as a member, it will be the same.

Your IT department will remove you from the Identity Provider (Azure/Okta) so you lose access to all of your applications, Flowcode included. But while you won’t be able to access you account, we still recommend the Org Admin manually remove you from the org so all your assets get transferred back to the admin.

If you are a member of an SSO organization you will automatically be rerouted to your IdP if you enter your email address with your organization’s email domain when logging in and you will not be able to log in via email and password.

If you are a member of an SSO organization and have an email tied to a Google account you will still be redirected through your IdP if you try to log in using Google social.

If you have questions, please email our support team at [email protected] or reach out to your dedicated Client Success Manager.