SAML SSO is included for customers with Enterprise plans and is available for Enterprise organizations. If you’d like to upgrade to an eligible account, please contact Sales. When enabled, SAML currently applies to the whole organization and is not available on a per-team or per-user basis.
How it works
The SSO user experience for organization members is outlined in the sections below.
Members of an SSO Organization
Members of an SSO-enabled organization have an email address that includes the organization's email domain, for example, @flowcode.com, that was configured during the SSO setup. You can think of these members as internal members of the organization. Members of an SSO organization experience the following process:
1. User submits the Flowcode login form with their email address.
2. User is redirected to the configured IdP.
3. The IdP authenticates the user and then redirects the user to the Flowcode platform.
External Members
An external member is anyone in the organization using an email address on a different domain than what's configured for SSO, for example, @gmail.com. New and existing external members of the organization are not affected when SSO is enabled. External users are not redirected to the configured IdP and experience no change in behavior when logging in. External members experience the following process:
1. User submits the Flowcode login form with their email address.
2. User is authenticated and taken to their Flowcode platform.
Manage Users
Flowcode organization administrators can manage members and teams in the My Org section of the platform. Access can also be directly provisioned through your SSO configuration.
Configure your IdP
Refer to your IdP for general SAML 2.0 setup instructions. Additionally, you will need to enter the following info:
Single Sign-on URL: https://authn.flowcode.com/auth/saml/callback
Audience Restriction / SPEntity: Flowcode
Group Attribute Statements: [insert group attribute statements]
  Name: groups
  Filter: .*
Using this information, create a new SAML application for provisioning access to Flowcode with your IdP. Once you have set up the new SAML application, share the XML file with the metadata for the application and its SSO configuration with the Flowcode team so that we can complete the setup for your organization.
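Before sharing the metadata, you can confirm that a test login from your IdP produces a response matching the settings above. The following Python check is an added example, not Flowcode's own code: the function name and the sample response are constructed, and comparing Destination and Recipient against the Single Sign-on URL is an assumption based on the standard SAML 2.0 Web SSO profile.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values taken from the settings listed above.
ACS_URL = "https://authn.flowcode.com/auth/saml/callback"
AUDIENCE = "Flowcode"
GROUP_ATTR = "groups"

def check_response(xml_text):
    """Return the mismatches between a decoded SAML Response and the settings.

    Structural check only: it does not verify the signature or validity window.
    Run it on a response from your own test login; for XML from an untrusted
    source, parse with defusedxml instead of the standard library.
    """
    root = ET.fromstring(xml_text)
    problems = []
    dest = root.get("Destination")
    if dest is not None and dest != ACS_URL:
        problems.append(f"Destination is {dest!r}")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient is {recipients!r}")
    audiences = [(e.text or "").strip() for e in
                 root.iterfind(".//saml:AudienceRestriction/saml:Audience", NS)]
    if AUDIENCE not in audiences:  # comparison is case-sensitive
        problems.append(f"Audience is {audiences!r}")
    groups = [(v.text or "").strip()
              for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == GROUP_ATTR
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not groups:
        problems.append(f"no {GROUP_ATTR!r} attribute values")
    return problems

# Constructed sample response (not captured from a real IdP).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
<saml:Assertion><saml:Subject><saml:SubjectConfirmation>
<saml:SubjectConfirmationData Recipient="{acs}"/></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience>
</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
<saml:Attribute Name="{attr}"><saml:AttributeValue>marketing</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE.format(acs=ACS_URL, aud=AUDIENCE, attr=GROUP_ATTR)))
    print(check_response(SAMPLE.format(acs=ACS_URL, aud="flowcode", attr="memberOf")))
```

An empty list means the response lines up with the three settings; each string in a non-empty list names the value the IdP actually sent.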
Troubleshooting
Logging in using Email and Password
If you are a member of an SSO organization and enter an email address with your organization’s email domain when logging in, you will automatically be rerouted to your IdP, and you will not be able to log in via email and password.
Logging in Using a Google Account
If you are a member of an SSO organization and have an email tied to a Google account, you will still be redirected through your IdP if you try to log in using Google social login.